Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[3.5] Fix govulncheck CI check #18170

Merged
merged 3 commits into from
Jun 14, 2024
Merged

[3.5] Fix govulncheck CI check #18170

merged 3 commits into from
Jun 14, 2024

Commits on Jun 14, 2024

  1. Fix govulncheck CI check on release-3.5 

    This commit fixed the Go Vulnerability Checker CI job, which isn't
scanning for all go.mod files within the project.

Reference:
- etcd-io#18168

Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
    @henrybear327
    henrybear327 committed Jun 14, 2024
    Configuration menu
    Copy the full SHA
    551bff4 View commit details
    Browse the repository at this point in the history

  2. dependency: bump golang.org/x/net from 0.17.0 to 0.23.0 

    Extracted log from govulncheck, suggesting that we should bump the
version of golang.org/x/net

=== Symbol Results ===

Vulnerability #1: GO-2024-2687
    HTTP/2 CONTINUATION flood in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2687
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.17.0
    Fixed in: golang.org/x/net@v0.23.0

Reference:
- etcd-io#17708

Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
    @henrybear327
    henrybear327 committed Jun 14, 2024
    Configuration menu
    Copy the full SHA
    2676975 View commit details
    Browse the repository at this point in the history

  3. dependency: bump golang.org/x/sys from v0.0.0-20210403161142-5e06dd20… 

    …ab57 to v0.0.0-20220412211240-33da011f77ad

Extracted log from govulncheck, suggesting that we should bump the
version of golang.org/x/sys

Vulnerability #1: GO-2022-0493
    Incorrect privilege reporting in syscall and golang.org/x/sys/unix
  More info: https://pkg.go.dev/vuln/GO-2022-0493
  Module: golang.org/x/sys
    Found in: golang.org/x/sys@v0.0.0-20210403161142-5e06dd20ab57
    Fixed in: golang.org/x/sys@v0.0.0-20220412211240-33da011f77ad

Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
    @henrybear327
    henrybear327 committed Jun 14, 2024
    Configuration menu
    Copy the full SHA
    e72a799 View commit details
    Browse the repository at this point in the history