Update module golang.org/x/net to v0.33.0 [SECURITY] #305

Merged
merged 2 commits into from
Dec 20, 2024

turkenf
Contributor

@turkenf turkenf commented Dec 19, 2024

Description of your changes

This PR contains the following updates:

Package: golang.org/x/net
Change: v0.25.0 -> v0.33.0

CVE-2024-45338

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

I have:

  • Run make reviewable to ensure this PR is ready for review.

How has this code been tested

https://github.com/upbound/provider-terraform/actions/runs/12419641053

@turkenf
Contributor Author

turkenf commented Dec 19, 2024

/test-examples="examples/workspace-inline-aws.yaml"

@turkenf
Contributor Author

turkenf commented Dec 19, 2024

/test-examples="examples/workspace-inline-aws.yaml"

@turkenf turkenf marked this pull request as ready for review December 19, 2024 19:49
@@ -27,5 +27,5 @@ spec:
}
provider "aws" {
shared_credentials_files = ["${path.module}/aws-creds.ini"]
region = "eu-west-1"
region = "us-east-2"
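Review bot: the switch of region from "eu-west-1" to "us-east-2" in the provider "aws" block is not covered by the PR title or description, which name only the golang.org/x/net update. State the reason for the region change in the PR description, or move it to a separate PR, so the dependency update can be reviewed and cherry-picked without an unrelated example change.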
Member

is it accidental? does not look related

Contributor Author

Not accidental; the workspace-inline-aws.yaml example fails due to a quota problem in the eu-west-1 region: https://github.com/upbound/provider-terraform/actions/runs/12419196168

Member

got it, thanks for clarifying :)

@turkenf turkenf merged commit caf4e9c into upbound:main Dec 20, 2024
9 checks passed
@turkenf turkenf deleted the go-golang.org-x-net-vulnerability branch December 20, 2024 08:37
Backport failed for release-0.17, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-0.17
git worktree add -d .worktree/backport-305-to-release-0.17 origin/release-0.17
cd .worktree/backport-305-to-release-0.17
git switch --create backport-305-to-release-0.17
git cherry-pick -x d549bb67713de08f861efa155b57a492badd5c2c f9e787db88ff45d92bfe94a9c514db921eb20fa9

Backport failed for release-0.18, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-0.18
git worktree add -d .worktree/backport-305-to-release-0.18 origin/release-0.18
cd .worktree/backport-305-to-release-0.18
git switch --create backport-305-to-release-0.18
git cherry-pick -x d549bb67713de08f861efa155b57a492badd5c2c f9e787db88ff45d92bfe94a9c514db921eb20fa9

Backport failed for release-0.19, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-0.19
git worktree add -d .worktree/backport-305-to-release-0.19 origin/release-0.19
cd .worktree/backport-305-to-release-0.19
git switch --create backport-305-to-release-0.19
git cherry-pick -x d549bb67713de08f861efa155b57a492badd5c2c f9e787db88ff45d92bfe94a9c514db921eb20fa9
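Added example, not part of the PR or the project's code: since the backports above have to be cherry-picked by hand, this standard-library Go check reports whether a branch's go.mod still requires golang.org/x/net below the v0.33.0 that this PR moves to. The function names and the sample go.mod text are hypothetical and constructed; replace directives are not evaluated.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Module path and fixed version as given in the PR title.
const netModule, fixedNet = "golang.org/x/net", "v0.33.0"

// requiredVersion (hypothetical helper) returns mod's version from single-line or block require directives, or "".
func requiredVersion(gomod, mod string) string {
	inRequire := false
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop "// indirect"
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inRequire = true
		case len(f) == 1 && f[0] == ")":
			inRequire = false
		case len(f) == 3 && f[0] == "require" && f[1] == mod:
			return f[2]
		case inRequire && len(f) == 2 && f[0] == mod:
			return f[1]
		}
	}
	return ""
}

// olderThan compares numeric major.minor.patch; "-suffix" parts are ignored.
func olderThan(a, b string) bool {
	var x, y [3]int
	fmt.Sscanf(a, "v%d.%d.%d", &x[0], &x[1], &x[2])
	fmt.Sscanf(b, "v%d.%d.%d", &y[0], &y[1], &y[2])
	return x[0] < y[0] || x[0] == y[0] && (x[1] < y[1] || x[1] == y[1] && x[2] < y[2])
}

// NeedsNetUpdate reports whether gomod still requires x/net below v0.33.0.
func NeedsNetUpdate(gomod string) bool {
	v := requiredVersion(gomod, netModule)
	return v != "" && olderThan(v, fixedNet)
}

func main() {
	sample := "module example.com/demo\n\nrequire (\n\tgolang.org/x/net v0.25.0 // indirect\n)\n" // constructed
	fmt.Println(netModule, "needs update:", NeedsNetUpdate(sample))
}
```

Run it against the go.mod of each release branch after the manual cherry-pick to confirm the requirement moved to the fixed version.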
