Update to force a newer golang.org/x/net to address CVE-2022-41723 #2085

Closed

Michael-Sinz

This temporary override is needed to address the vulnerability in golang.org/x/net which is pulled indirectly but with a version that has the vulnerability.

See GHSA-vvpx-j8f3-3w6h

This is to address issue #2084
#2084

The only change was to run:

go mod edit --replace golang.org/x/net=golang.org/x/[email protected]
go mod tidy
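
Added example (not part of this pull request or the project's code): a small Go program that reads a go.mod and reports which version of a module the build ends up with once `replace` directives are applied, which also makes a temporary override like this one easy to find again later. The go.mod content and both version strings are constructed placeholders, and `EffectiveVersion` is a hypothetical helper.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed go.mod: x/net is only an indirect requirement. Both versions
// are placeholders, not the ones used in this pull request.
const sampleGoMod = `module example.com/app
require (
	golang.org/x/net v0.0.0-20220101000000-abcdefabcdef // indirect
)
replace golang.org/x/net => golang.org/x/net v0.99.0
`

// EffectiveVersion returns the version the build uses for module: a replace
// overrides require. (A local-path replacement yields the path instead.)
func EffectiveVersion(gomod, module string) (version string, replaced bool) {
	block := "" // directive of the enclosing "( ... )" block, if any
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop comments such as "// indirect"
		f := strings.Fields(line)
		if len(f) == 0 {
			continue
		}
		if f[0] == ")" || f[len(f)-1] == "(" {
			block = strings.TrimSuffix(f[0], ")") // "" once the block closes
			continue
		}
		dir := block
		if dir == "" {
			dir, f = f[0], f[1:] // single-line directive
		}
		if len(f) < 2 || f[0] != module {
			continue
		}
		if dir == "replace" {
			version, replaced = f[len(f)-1], true // "old [vOld] => new vNew"
		} else if dir == "require" && !replaced {
			version = f[1]
		}
	}
	return version, replaced
}

func main() {
	v, replaced := EffectiveVersion(sampleGoMod, "golang.org/x/net")
	fmt.Printf("golang.org/x/net resolves to %s (replaced=%v)\n", v, replaced)
}
```

On a real checkout, `go list -m golang.org/x/net` reports the same information, showing the replacement after `=>`.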

This temporary override is needed to address the vulnerability
in golang.org/x/net which is pulled indirectly but with a version that
has the vulnerability.

See GHSA-vvpx-j8f3-3w6h

This is to address issue Azure#2084
Azure#2084
@adreed-msft adreed-msft added this to the 10.18.0 milestone Feb 24, 2023
@adreed-msft adreed-msft added the dependencies Pull requests that update a dependency file label Feb 24, 2023
@nakulkar-msft
Contributor

@gapra-msft Can you confirm if #2115 fixes this?

@gapra-msft
Member

> @gapra-msft Can you confirm if #2115 fixes this?

Yes, that PR should resolve this.

@gapra-msft
Member

Closing as 2115 resolves this

@gapra-msft gapra-msft closed this Mar 16, 2023
@Michael-Sinz
Author

Thank you - yes, #2115 does address the CVE
