Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade golang.org/x/net to v0.6.0 to fix CVE-2022-41717 and CVE-2022… #2008

Closed
wants to merge 1 commit into from
Closed

Upgrade golang.org/x/net to v0.6.0 to fix CVE-2022-41717 and CVE-2022… #2008

wants to merge 1 commit into from

Conversation

cskarby
Copy link

@cskarby cskarby commented Feb 9, 2023

Compiled the application with golang-1.20 and scanned the resulting binary with a security scanner (trivy) which found 2 issues.

Description

Updated the dependency for golang.org/x/net

Motivation and Context

How Has This Been Tested?

  • Recompiled application with updated dependency
  • trivy reported no known vulnerabilities as per 2023-02-09
  • further testing of the application is needed

Checklist:

  • My change requires a change to the documentation or CHANGELOG.
  • I have updated the documentation/CHANGELOG accordingly.
  • [x ] I have created a feature (non-master) branch for my PR.

@cskarby cskarby requested a review from a team as a code owner February 9, 2023 17:03
@satr
Copy link

satr commented Feb 20, 2023

Suggestion to upgrade to golang.org/x/net v0.7.0 due to https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3323837

@JoelSpeed
Copy link
Member

The changes here were covered in #2013, thanks

@JoelSpeed JoelSpeed closed this Mar 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@cskarby @satr @JoelSpeed