OCPBUGS-22344: UPSTREAM: 3429: CVE-2023-44487 - bump golang.org/x/net v0.17.0

[alebedev87]

golang.org/x/net is bumped to v0.17.0:

go get golang.org/x/net@v0.17.0
go mod tidy
go mod vendor

The webhook cannot be disabled because controller-runtime is too old to have a dedicated field for any TLS option. Bumping controller-runtime@v0.13.2 showed to be expensive (may introduce new bugs).

[openshift-ci-robot]

@alebedev87: This pull request references Jira Issue OCPBUGS-22344, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.15.0) matches configured target version for branch (4.15.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @ShudiLi

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Issue

Description

Checklist

• Added tests that cover your change (if possible)
• Added/modified documentation as required (such as the README.md, or the docs directory)
• Manually tested
• Made sure the title of the PR is a good description that can go into the release notes

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

• Backfilled missing tests for code in same general area 🎉
• Refactored something and made the world a better place 🌟

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[candita]

/assign @gcs278
/assign

[candita]

@alebedev87 could you please open a ticket to record a watch on the future work that needs to be done for this?

[candita]

/approve

[gcs278]

Seems straightforward enough:
/lgtm

[alebedev87]

#14 to add whole NetEdge as owners.

[alebedev87]

#13 (comment) should be fixed now.

[alebedev87]

@candita : a rebase from the upstream is needed to follow up on this PR. I think we can use this user story from ALBO Next epic.

[candita]

@alebedev87 I don't know what you mean by #13 (comment). Let me know more if followup from me is needed. Re-approving as requested.

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: candita

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• DOWNSTREAM_OWNERS [candita]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@alebedev87: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-ci-robot]

@alebedev87: Jira Issue OCPBUGS-22344: Some pull requests linked via external trackers have merged:

The following pull requests linked via external trackers have not merged:

• openshift/aws-load-balancer-operator#116 is open

These pull request must merge or be unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with /jira refresh.

Jira Issue OCPBUGS-22344 has not been moved to the MODIFIED state.

In response to this:

golang.org/x/net is bumped to v0.17.0:

go get golang.org/x/net@v0.17.0
go mod tidy
go mod vendor

The webhook cannot be disabled because controller-runtime is too old to have a dedicated field for any TLS option. Bumping controller-runtime@v0.13.2 showed to be expensive (may introduce new bugs).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.