sheldonhull
commented
1 year ago indirect dependency, should evaluate with go mod why where this is used.
Closed mend-for-github-com[bot] closed 1 year ago
sheldonhull
commented
1 year ago indirect dependency, should evaluate with go mod why where this is used.
This PR contains the following updates:
v0.3.1-0.20221206200815-1e63c2f08a10->v0.7.0GitHub Vulnerability Alerts
CVE-2022-41723
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Release Notes
golang/net
### [`v0.7.0`](https://togithub.com/golang/net/compare/v0.6.0...v0.7.0) [Compare Source](https://togithub.com/golang/net/compare/v0.6.0...v0.7.0) ### [`v0.6.0`](https://togithub.com/golang/net/compare/v0.5.0...v0.6.0) [Compare Source](https://togithub.com/golang/net/compare/v0.5.0...v0.6.0) ### [`v0.5.0`](https://togithub.com/golang/net/compare/v0.4.0...v0.5.0) [Compare Source](https://togithub.com/golang/net/compare/v0.4.0...v0.5.0)Configuration
π Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.