New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade golang.org/x/net to v0.6.0 to fix CVE-2022-41717 and CVE-2022… #2008

Closed

cskarby wants to merge 1 commit into oauth2-proxy:master from cskarby:golang.org/x/net-v0.6.0

cskarby commented Feb 9, 2023

Compiled the application with golang-1.20 and scanned the resulting binary with a security scanner (trivy) which found 2 issues.

Description

Updated the dependency for golang.org/x/net

Motivation and Context

How Has This Been Tested?

Recompiled application with updated dependency
trivy reported no known vulnerabilities as per 2023-02-09
further testing of the application is needed

Checklist:

My change requires a change to the documentation or CHANGELOG.
I have updated the documentation/CHANGELOG accordingly.
[x ] I have created a feature (non-master) branch for my PR.


          Upgrade golang.org/x/net to v0.6.0 to fix CVE-2022-41717 and CVE-2022…

adc0d24

…-41721

cskarby requested a review from a team as a code owner

February 9, 2023 17:03

satr commented Feb 20, 2023

Suggestion to upgrade to golang.org/x/net v0.7.0 due to https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3323837

Member

JoelSpeed commented Mar 5, 2023

The changes here were covered in #2013, thanks

JoelSpeed closed this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet