deps: update module golang.org/x/net to v0.33.0 (#2052)

dadrus · Dec 19, 2024 · 7d28110 · 7d28110
1 parent 69c657c
commit 7d28110
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 4 deletions.
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -78,6 +78,7 @@ linters-settings:
     replace-allow-list:
       # to avoid having a CVE in the used version
       - golang.org/x/crypto
+      - golang.org/x/net
   mnd:
     ignored-functions:
       - '^make'

diff --git a/go.mod b/go.mod
@@ -205,7 +205,7 @@ require (
 	go.uber.org/dig v1.18.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/crypto v0.30.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/net v0.32.0 // indirect
 	golang.org/x/oauth2 v0.24.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
@@ -225,4 +225,7 @@ require (
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
 
-replace golang.org/x/crypto v0.30.0 => golang.org/x/crypto v0.31.0
+replace (
+	golang.org/x/crypto v0.30.0 => golang.org/x/crypto v0.31.0
+	golang.org/x/net v0.32.0 => golang.org/x/net v0.33.0
+)
diff --git a/go.sum b/go.sum
@@ -524,8 +524,8 @@ golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
-golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
-golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
 golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=

diff --git a/osv-scanner.toml b/osv-scanner.toml
@@ -1,3 +1,7 @@
 [[IgnoredVulns]]
 id = "GO-2022-0646"
 reason = "The access to the S3 bucket happens in read-only mode without making use of the EncryptionClient."
+
+[[IgnoredVulns]]
+id = "GO-2022-0635"
+reason = "The v2 version of the library, respectively AWS S3 V2 is used by default. Usage of v1 must explicitely be enabled when configuring S3 buckets to get rulesets from."