Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump golang.org/x/net to v0.33.0 #167

Merged
merged 1 commit into from
Jan 3, 2025
Merged

Bump golang.org/x/net to v0.33.0 #167

merged 1 commit into from
Jan 3, 2025

Conversation

kashifest
Copy link
Contributor

This bump is required to fix GHSA-w32m-9786-jp63
Signed-off-by: Kashif Khan kashif.khan@est.tech

@kashifest
Bump golang.org/x/net to v0.33.0
65b397c 
This bump is required to fix GHSA-w32m-9786-jp63
Signed-off-by: Kashif Khan <kashif.khan@est.tech>
@cert-manager-prow cert-manager-prow bot added the dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. label Jan 3, 2025
@cert-manager-prow
Copy link
Contributor

Hi @kashifest. Thanks for your PR.

I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@cert-manager-prow cert-manager-prow bot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jan 3, 2025
@kashifest
Copy link
Contributor Author

/assign @inteon

@inteon
Copy link
Member

inteon commented Jan 3, 2025

@kashifest thank you for the version bump.
I'll merge this PR, but I think the cmctl binary is not affected by this CVE (govulncheck is not failing: https://github.com/cert-manager/cmctl/actions/runs/12591045529/job/35093566602).

@inteon
Copy link
Member

inteon commented Jan 3, 2025

/approve
/lgtm

@cert-manager-prow cert-manager-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jan 3, 2025
@cert-manager-prow
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: inteon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow cert-manager-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 3, 2025
@cert-manager-prow cert-manager-prow bot merged commit e0a9184 into cert-manager:main Jan 3, 2025
5 checks passed
@kashifest
Copy link
Contributor Author

@kashifest thank you for the version bump. I'll merge this PR, but I think the cmctl binary is not affected by this CVE (govulncheck is not failing: https://github.com/cert-manager/cmctl/actions/runs/12591045529/job/35093566602).

Thanks a lot. our vulnerability scan tools trivy/grype are showing red flags here. I know its an indirect dependancy but it would be nice to have a patch release since few other bumps have also landed after the September release, wdyt @inteon ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@inteon inteon

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. lgtm Indicates that a PR is ready to be merged. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kashifest @inteon