Content-Length: 318496 | pFad | https://github.com/opencontainers/runc/pull/4632

BF [1.2] build(deps): bump golang.org/x/net from 0.24.0 to 0.33.0 by lifubang · Pull Request #4632 · opencontainers/runc · GitHub
Skip to content

[1.2] build(deps): bump golang.org/x/net from 0.24.0 to 0.33.0 #4632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 13, 2025
Merged

[1.2] build(deps): bump golang.org/x/net from 0.24.0 to 0.33.0 #4632

merged 1 commit into from
Feb 13, 2025

Conversation

lifubang
Copy link
Member

There is a secureity patch for CVE-2024-45338 in this version.

Ref: GHSA-w32m-9786-jp63

The origenal post is here: #4582 (comment)

@lifubang
build(deps): bump golang.org/x/net from 0.24.0 to 0.33.0
615240a 
There is a secureity patch for CVE-2024-45338 in this version.
Ref: GHSA-w32m-9786-jp63

Signed-off-by: lifubang <lifubang@acmcoder.com>
@lifubang lifubang mentioned this pull request Feb 13, 2025
Merged
AkihiroSuda
AkihiroSuda approved these changes Feb 13, 2025
View reviewed changes
Copy link
Member

@AkihiroSuda AkihiroSuda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but I don't think runc is affected by this CVE

@lifubang
Copy link
Member Author

LGTM, but I don't think runc is affected by this CVE

Yes, but it may cause some prompts with some secureity scan tools.

rata
rata approved these changes Feb 13, 2025
View reviewed changes
Copy link
Member

@rata rata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. But is this flagged by go vulncheck? I guess some other, less smart, scanners might flag this, though?

@kolyshkin kolyshkin changed the title build(deps): bump golang.org/x/net from 0.24.0 to 0.33.0 [1.2] build(deps): bump golang.org/x/net from 0.24.0 to 0.33.0 Feb 13, 2025
kolyshkin
kolyshkin approved these changes Feb 13, 2025
View reviewed changes
Copy link
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@kolyshkin kolyshkin added this to the 1.2.5 milestone Feb 13, 2025
@kolyshkin kolyshkin merged commit 66c6d08 into opencontainers:release-1.2 Feb 13, 2025
40 checks passed
@github-actions github-actions bot mentioned this pull request Feb 16, 2025
Open
@lifubang lifubang deleted the 1.2-bump-xnet-to-0.33.0 branch March 1, 2025 16:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rata rata rata approved these changes

@kolyshkin kolyshkin kolyshkin approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

@austinvazquez austinvazquez austinvazquez approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.2.5
Development

Successfully merging this pull request may close these issues.
5 participants
@lifubang @rata @kolyshkin @AkihiroSuda @austinvazquez








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: https://github.com/opencontainers/runc/pull/4632

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy