Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

fix(deps): update module golang.org/x/net to v0.33.0 [security] #1035

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 19, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
golang.org/x/net v0.23.0 -> v0.33.0 age adoption passing confidence
  • PR contains the label that identifies the area, one of: area:operator, area:chart
  • If the PR is targeting a Helm chart, add the chart label, e.g. chart:k8up

GitHub Vulnerability Alerts

CVE-2024-45338

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot added the dependency Depedency update label Dec 19, 2024
Copy link
Contributor Author

renovate bot commented Dec 19, 2024

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 6 additional dependencies were updated

Details:

Package Change
golang.org/x/crypto v0.21.0 -> v0.31.0
golang.org/x/mod v0.16.0 -> v0.17.0
golang.org/x/sys v0.18.0 -> v0.28.0
golang.org/x/term v0.18.0 -> v0.27.0
golang.org/x/text v0.14.0 -> v0.21.0
golang.org/x/tools v0.19.0 -> v0.21.1-0.20240508182429-e35e4ccd0d2d

@renovate renovate bot requested a review from a team as a code owner December 19, 2024 01:38
@renovate renovate bot requested review from TheBigLee and zugao and removed request for a team December 19, 2024 01:38
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
dependency Depedency update
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants