Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Cherry-pick] chore: Update dependencies (#47) (#55) #56

Merged
merged 1 commit into from
Feb 5, 2025
Merged

[Cherry-pick] chore: Update dependencies (#47) (#55) #56

merged 1 commit into from
Feb 5, 2025

Conversation

hdefazio
Copy link

@hdefazio hdefazio commented Feb 5, 2025

chore: Fixes the following CVEs:
CVE-2023-45288 - Non-linear parsing of case-insensitive content in golang.org/x/net/html
CVE-2024-45337 - Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

@hdefazio hdefazio requested a review from israel-hdez February 5, 2025 21:57
@spolti @hdefazio
chore: Update dependencies (kserve#47) (#55)
3672175 
chore:  Fixes the following CVEs:
CVE-2023-45288 - Non-linear parsing of case-insensitive content in
golang.org/x/net/html
CVE-2024-45337 - Misuse of ServerConfig.PublicKeyCallback may cause
authorization bypass in golang.org/x/crypto

Signed-off-by: Spolti <fspolti@redhat.com>
Signed-off-by: Hannah DeFazio <h2defazio@gmail.com>
@hdefazio hdefazio requested a review from mholder6 February 5, 2025 22:38
@mholder6
Copy link

mholder6 commented Feb 5, 2025

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Feb 5, 2025
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Feb 5, 2025

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: hdefazio

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@hdefazio hdefazio merged commit 3dc57c4 into opendatahub-io:release-0.12.0-rc0 Feb 5, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@israel-hdez israel-hdez Awaiting requested review from israel-hdez

@mholder6 mholder6 Awaiting requested review from mholder6

Assignees

@mholder6 mholder6

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hdefazio @mholder6 @spolti