Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update module golang.org/x/net to v0.33.0 release-1.4 [SECURITY] #183

Conversation

turkenf
Copy link
Collaborator

@turkenf turkenf commented Dec 19, 2024

Description of your changes

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
golang.org/x/net v0.25.0 -> v0.33.0 age adoption passing confidence

CVE-2024-45338

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

I have:

  • Read and followed Crossplane's contribution process.
  • Run make reviewable to ensure this PR is ready for review.
  • Added backport release-x.y labels to auto-backport this PR if necessary.

How has this code been tested

https://github.com/crossplane-contrib/provider-upjet-azuread/actions/runs/12420443337

Signed-off-by: Fatih Türken <turkenf@gmail.com>
@turkenf
Copy link
Collaborator Author

turkenf commented Dec 19, 2024

/test-examples="examples/applications/v1beta2/application.yaml"

@turkenf turkenf marked this pull request as ready for review December 19, 2024 20:50
Copy link
Collaborator

@sergenyalcin sergenyalcin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @turkenf LGTM!

@turkenf turkenf merged commit 751a81e into crossplane-contrib:release-1.4 Dec 19, 2024
10 checks passed
@turkenf turkenf deleted the go-golang.org-x-net-vulnerability-1.4 branch December 19, 2024 21:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants