Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps: update module golang.org/x/net to v0.33.0 #2052

Merged
merged 4 commits into from
Dec 19, 2024
Merged

deps: update module golang.org/x/net to v0.33.0 #2052

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
879ecaf
replacement of the golang x net package allowed
dadrus Dec 19, 2024
6345c12
golang x net transitive dependency updated
dadrus Dec 19, 2024
24d0251
VEX info from the main branch included
dadrus Dec 19, 2024
0c7f561
Merge branch 'release' into chore/x_net_update
dadrus Dec 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .golangci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@ linters-settings:
replace-allow-list:
# to avoid having a CVE in the used version
- golang.org/x/crypto
- golang.org/x/net
mnd:
ignored-functions:
- '^make'
Expand Down
7 changes: 5 additions & 2 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -205,7 +205,7 @@ require (
go.uber.org/dig v1.18.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/crypto v0.30.0 // indirect
golang.org/x/crypto v0.31.0 // indirect
golang.org/x/net v0.32.0 // indirect
golang.org/x/oauth2 v0.24.0 // indirect
golang.org/x/sync v0.10.0 // indirect
Expand All @@ -225,4 +225,7 @@ require (
sigs.k8s.io/yaml v1.4.0 // indirect
)

replace golang.org/x/crypto v0.30.0 => golang.org/x/crypto v0.31.0
replace (
golang.org/x/crypto v0.30.0 => golang.org/x/crypto v0.31.0
golang.org/x/net v0.32.0 => golang.org/x/net v0.33.0
)
4 changes: 2 additions & 2 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -524,8 +524,8 @@ golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
Expand Down
4 changes: 4 additions & 0 deletions osv-scanner.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
[[IgnoredVulns]]
id = "GO-2022-0646"
reason = "The access to the S3 bucket happens in read-only mode without making use of the EncryptionClient."

[[IgnoredVulns]]
id = "GO-2022-0635"
reason = "The v2 version of the library, respectively AWS S3 V2 is used by default. Usage of v1 must explicitely be enabled when configuring S3 buckets to get rulesets from."
Loading