Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update go.mod packages #1125

Merged
merged 2 commits into from
Oct 14, 2022
Merged

Update go.mod packages #1125

merged 2 commits into from
Oct 14, 2022

Conversation

SaschaSchwarze0
Copy link
Member

@SaschaSchwarze0 SaschaSchwarze0 commented Oct 13, 2022
edited
Loading

Changes

There is CVE-2022-32149 fixed in golang.org/x/text v0.3.8.

What is nice is that with govulncheck, there is finally a tool available that is capable to detect that this project does not use the affected code. Though, the majority of scan tools are not yet capable to do so. Trivy for example finds it in our nightly build.

The same applies to golang.org/x/net where Trivy finds CVE-2022-27664.

Submitter Checklist

  • Includes tests if functionality changed/was added
  • Includes docs if changes are user-facing
  • Set a kind label on this PR
  • Release notes block has been filled in, or marked NONE

Release Notes

NONE

@SaschaSchwarze0 SaschaSchwarze0 added the kind/dependency-change Categorizes issue or PR as related to changing dependencies label Oct 13, 2022
@openshift-ci openshift-ci bot added the release-note-none Label for when a PR does not need a release note label Oct 13, 2022
@openshift-ci openshift-ci bot requested review from coreydaley and otaviof October 13, 2022 08:39
HeavyWombat
HeavyWombat approved these changes Oct 14, 2022
View reviewed changes
Copy link
Contributor

@HeavyWombat HeavyWombat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 14, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 14, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: HeavyWombat

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 14, 2022
@openshift-merge-robot openshift-merge-robot merged commit 718f9f3 into shipwright-io:main Oct 14, 2022
@SaschaSchwarze0 SaschaSchwarze0 added this to the release-v0.12.0 milestone Oct 14, 2022
@SaschaSchwarze0 SaschaSchwarze0 deleted the sascha-update-golang-x-text branch February 18, 2023 11:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HeavyWombat HeavyWombat HeavyWombat approved these changes

@coreydaley coreydaley Awaiting requested review from coreydaley

@otaviof otaviof Awaiting requested review from otaviof

@qu1queee qu1queee Awaiting requested review from qu1queee

Assignees

@HeavyWombat HeavyWombat

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/dependency-change Categorizes issue or PR as related to changing dependencies lgtm Indicates that a PR is ready to be merged. release-note-none Label for when a PR does not need a release note
Projects
None yet
Milestone
release-v0.12.0
Development

Successfully merging this pull request may close these issues.
3 participants
@SaschaSchwarze0 @HeavyWombat @openshift-merge-robot