Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bump golang.org/x/net to 0.17 to fix CVE-2023-39325 #5126

Merged
merged 2 commits into from
Oct 25, 2023
Merged

bump golang.org/x/net to 0.17 to fix CVE-2023-39325 #5126

merged 2 commits into from
Oct 25, 2023

Conversation

JorTurFer
Copy link
Member

@JorTurFer JorTurFer commented Oct 24, 2023
edited
Loading

This was started on #5121, but there we didn't add the replacement on go.mod, so KEDA still used the vulnerable version. This PR adds the replacement on go.mod

Checklist

  • Commits are signed with Developer Certificate of Origin (DCO - learn more)

Fixes #5122

Relates to #5121

@JorTurFer JorTurFer requested a review from a team as a code owner October 24, 2023 21:51
@github-actions
Copy link

Thank you for your contribution! 🙏 We will review your PR as soon as possible.

While you are waiting, make sure to:

Learn more about:

@JorTurFer JorTurFer enabled auto-merge (squash) October 24, 2023 21:51
@JorTurFer
update changelog
04ca2bc 
Signed-off-by: Jorge Turrado <[email protected]>
@JorTurFer
Copy link
Member Author

JorTurFer commented Oct 24, 2023
edited by github-actions bot
Loading

/run-e2e internal
Update: You can check the progress here

@zroubalik
Copy link
Member

@joelsmith FYI

@JorTurFer JorTurFer merged commit 18d3fcc into kedacore:main Oct 25, 2023
19 checks passed
@JorTurFer JorTurFer deleted the bump-dep branch October 25, 2023 07:29
zroubalik pushed a commit to zroubalik/keda that referenced this pull request Nov 27, 2023
@JorTurFer @zroubalik
bump golang.org/x/net to 0.17 to fix CVE-2023-39325 (kedacore#5126)
4467bb0
zroubalik pushed a commit to zroubalik/keda that referenced this pull request Nov 27, 2023
@JorTurFer @zroubalik
bump golang.org/x/net to 0.17 to fix CVE-2023-39325 (kedacore#5126)
394d05c 
Signed-off-by: Zbynek Roubalik <[email protected]>
zroubalik pushed a commit to zroubalik/keda that referenced this pull request Nov 27, 2023
@JorTurFer @zroubalik
bump golang.org/x/net to 0.17 to fix CVE-2023-39325 (kedacore#5126)
41d1007 
Signed-off-by: Zbynek Roubalik <[email protected]>
zroubalik pushed a commit that referenced this pull request Nov 27, 2023
@JorTurFer @zroubalik
bump golang.org/x/net to 0.17 to fix CVE-2023-39325 (#5126)
d90e9ea 
Signed-off-by: Zbynek Roubalik <[email protected]>
toniiiik pushed a commit to toniiiik/keda that referenced this pull request Jan 15, 2024
@JorTurFer @toniiiik
bump golang.org/x/net to 0.17 to fix CVE-2023-39325 (kedacore#5126)
c8c5605 
Signed-off-by: anton.lysina <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zroubalik zroubalik zroubalik approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CVE-2023-39325 (High) detected in golang.org/x/net-v0.15.0
2 participants
@JorTurFer @zroubalik