Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bump golang.org/x/net to 0.17 to fix CVE-2023-39325 #5126

Merged
merged 2 commits into from
Oct 25, 2023

Conversation

JorTurFer
Copy link
Member

@JorTurFer JorTurFer commented Oct 24, 2023

This was started on #5121, but there we didn't add the replacement on go.mod, so KEDA still used the vulnerable version. This PR adds the replacement on go.mod

Checklist

  • Commits are signed with Developer Certificate of Origin (DCO - learn more)

Fixes #5122

Relates to #5121

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
@JorTurFer JorTurFer requested a review from a team as a code owner October 24, 2023 21:51
@github-actions
Copy link

Thank you for your contribution! 🙏 We will review your PR as soon as possible.

While you are waiting, make sure to:

Learn more about:

@JorTurFer JorTurFer enabled auto-merge (squash) October 24, 2023 21:51
Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
@JorTurFer
Copy link
Member Author

JorTurFer commented Oct 24, 2023

/run-e2e internal
Update: You can check the progress here

@zroubalik
Copy link
Member

@joelsmith FYI

@JorTurFer JorTurFer merged commit 18d3fcc into kedacore:main Oct 25, 2023
18 checks passed
@JorTurFer JorTurFer deleted the bump-dep branch October 25, 2023 07:29
zroubalik pushed a commit to zroubalik/keda that referenced this pull request Nov 27, 2023
zroubalik pushed a commit to zroubalik/keda that referenced this pull request Nov 27, 2023
Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com>
zroubalik pushed a commit to zroubalik/keda that referenced this pull request Nov 27, 2023
Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com>
zroubalik pushed a commit that referenced this pull request Nov 27, 2023
Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com>
toniiiik pushed a commit to toniiiik/keda that referenced this pull request Jan 15, 2024
Signed-off-by: anton.lysina <alysina@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

CVE-2023-39325 (High) detected in golang.org/x/net-v0.15.0
2 participants