Skip to content

chore(deps): update module golang.org/x/net to v0.33.0 [security] (main)#793

Merged
jbw976 merged 1 commit intomainfrom
renovate/main-go-golang.org-x-net-vulnerability
Dec 20, 2024
Merged

chore(deps): update module golang.org/x/net to v0.33.0 [security] (main)#793
jbw976 merged 1 commit intomainfrom
renovate/main-go-golang.org-x-net-vulnerability

Conversation

@crossplane-renovate
Copy link
Contributor

@crossplane-renovate crossplane-renovate bot commented Dec 19, 2024

This PR contains the following updates:

Package Type Update Change
golang.org/x/net indirect minor v0.28.0 -> v0.33.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-45338

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Non-linear parsing of case-insensitive content in golang.org/x/net/html

CVE-2024-45338 / GHSA-w32m-9786-jp63 / GO-2024-3333

More information

Details

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Severity

  • CVSS Score: Unknown
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Non-linear parsing of case-insensitive content in golang.org/x/net/html

CVE-2024-45338 / GHSA-w32m-9786-jp63 / GO-2024-3333

More information

Details

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@crossplane-renovate crossplane-renovate bot requested a review from a team as a code owner December 19, 2024 08:05
@crossplane-renovate crossplane-renovate bot requested a review from phisco December 19, 2024 08:05
@crossplane-renovate
Copy link
Contributor Author

crossplane-renovate bot commented Dec 19, 2024

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 4 additional dependencies were updated

Details:

Package Change
golang.org/x/sync v0.8.0 -> v0.10.0
golang.org/x/sys v0.23.0 -> v0.28.0
golang.org/x/term v0.23.0 -> v0.27.0
golang.org/x/text v0.17.0 -> v0.21.0

@jbw976 jbw976 merged commit 197fb2a into main Dec 20, 2024
@crossplane-renovate crossplane-renovate bot deleted the renovate/main-go-golang.org-x-net-vulnerability branch December 20, 2024 08:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jbw976 jbw976 jbw976 approved these changes

@phisco phisco phisco approved these changes

Assignees

No one assigned

Labels

automated

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jbw976 @phisco