Closed tuminoid closed 4 months ago
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please assign dtantsur for approval. For more information see the Kubernetes Code Review Process.
The full list of commands accepted by this bot can be found here.
/cc @Rozzii
/lgtm
/hold This is ready and good to merge, but I'll hold it as I need a repo that has open vulns for testing osv-scanner for a day or two.
/unhold
Tests done good to merge. /cc @dtantsur
/approve /lgtm
Thanks! Feel free to ping me on slack if I miss notifications about new PRs.
Bump golang to 1.21.10 and x/net to v0.23.0, x/crypto to v0.17.0 and google.golang.org/protobuf to v1.33.0.
test/go.mod is bumped from 1.21.6 to 1.21.9. .9 is needed for the stdlib vulnerability fixes, and some feature is requiring at least .6 to be mentioned, so it cannot be set to just "go 1.21" as we usually have.
https://osv.dev/GHSA-4v7x-pqxf-cx7m https://osv.dev/GO-2024-2687 https://osv.dev/GHSA-45x7-px36-x8w8 https://osv.dev/GHSA-8r3f-844c-mc37