Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updates to fix HTTP CVE on 0.15 branch #1419

Closed
wants to merge 2 commits into from

Conversation

dfarrell07
Copy link
Member

See commit messages for details.

Update generated by `go get -u google.golang.org/grpc`.

This is flagged by the Vulnerability Scanning GHA on the release-0.15
branch for grpc v1.56.2 and was fixed in v1.56.3.

Signed-off-by: Daniel Farrell <[email protected]>
Update generated by `go get -u golang.org/x/net`.

This is flagged by the Vulnerability Scanning GHA on the release-0.15
branch for net v0.8.0 and was fixed in v0.13.0.

Signed-off-by: Daniel Farrell <[email protected]>
@submariner-bot
Copy link
Contributor

🤖 Created branch: z_pr1419/dfarrell07/http_cves
🚀 Full E2E won't run until the "ready-to-test" label is applied. I will add it automatically once the PR has 2 approvals, or you can add it manually.

@dfarrell07
Copy link
Member Author

The 0.15.3 bump was merged, hence the new conflicts.

@dfarrell07
Copy link
Member Author

It seems the net bump was handled by the 0.15.3 PR, so going back to a PR with only the grpc bump (#1420).

@dfarrell07 dfarrell07 closed this Oct 31, 2023
@submariner-bot
Copy link
Contributor

🤖 Closed branches: [z_pr1419/dfarrell07/http_cves]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
No open projects
Status: Done
Development

Successfully merging this pull request may close these issues.

2 participants