Vulnerability - upgrade the net pkg

vesoft-inc / nebula-go

Nebula client in Golang

Apache License 2.0

134 stars 70 forks source link

Vulnerability - upgrade the net pkg #337

Open haoxins opened 7 months ago

haoxins commented 7 months ago

Vulnerability #1: GO-2024-2687 HTTP/2 CONTINUATION flood in net/http More info: https://pkg.go.dev/vuln/GO-2024-2687 Module: golang.org/x/net Found in: golang.org/x/net@v0.17.0 Fixed in: golang.org/x/net@v0.23.0

What type of PR is this?

[ ] bug
[ ] feature
[x] enhancement

What problem(s) does this PR solve?

Issue(s) number:

Description:

How do you solve it?

Special notes for your reviewer, ex. impact of this fix, design document, etc:

wey-gu commented 3 months ago

@Nicole00 @MegaByte875

Do you see any concerns? I think if possible we should go merge this.