Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CVE-2024-45337] [CVE-2024-45338] Bump golang.org/x/crypto to v0.32.0 and golang.org/x/net to v0.34.0 to address CVE concerns #185

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[CVE-2024-45337] [CVE-2024-45338] Bump golang.org/x/crypto to v0.32.0 and golang.org/x/net to v0.34.0 to address CVE concerns #185

wants to merge 1 commit into from

Conversation

adwait-godbole
Copy link

@adwait-godbole adwait-godbole commented Jan 29, 2025
edited
Loading

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

This PR updates golang.org/x/crypto to v0.32.0 and golang.org/x/net to v0.34.0 to address CVE concerns.

Which issue(s) this PR fixes:

Refer #159

Special notes for your reviewer:

Hi @RainbowMango, I hope you don't mind me raising this PR. Since the issue was up since 3 weeks so thought of raising it.

Does this PR introduce a user-facing change?:

NONE

@adwait-godbole
[CVE-2024-45337] [CVE-2024-45338] Bump 'golang.org/x/net' to 'v0.34.0…
d92cbdb 
…' to address CVE concerns

Signed-off-by: adwait-godbole <[email protected]>
@karmada-bot karmada-bot added the kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. label Jan 29, 2025
@karmada-bot karmada-bot requested review from jhnine and samzong January 29, 2025 21:19
@karmada-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign kevin-wangzefeng for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@karmada-bot
Copy link
Collaborator

Welcome @adwait-godbole! It looks like this is your first PR to karmada-io/dashboard 🎉

@karmada-bot karmada-bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jan 29, 2025
@adwait-godbole adwait-godbole changed the title [CVE-2024-45337] [CVE-2024-45338] Bump golang.org/x/net to v0.34.0 to address CVE concerns [CVE-2024-45337] [CVE-2024-45338] Bump golang.org/x/crypto to v0.32.0 and golang.org/x/net to v0.34.0 to address CVE concerns Jan 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhnine jhnine Awaiting requested review from jhnine

@samzong samzong Awaiting requested review from samzong

Assignees
No one assigned
Labels
kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adwait-godbole @karmada-bot