chore(deps): upgrade golang.org/x/net to v0.17.0 #1152

Merged
merged 1 commit into from
Dec 13, 2023

Conversation

neitdung

Description

Close #1151

Bumping to golang.org/x/net@v0.17.0 to resolve vulnerability.


PR checklist

  • Tests written/updated
  • Changelog entry added in .changelog (we use unclog to manage our changelog)
  • Updated relevant documentation (docs/ or spec/) and code comments

@cmwaters
Contributor

Looks like mainline cometbft also upgraded. See: https://github.com/cometbft/cometbft/blob/aae8e3861a628114bb3694bebb205babbed16f02/go.mod#L37

@rootulp
Collaborator

rootulp commented Dec 12, 2023

Note govulncheck is still failing for a different reason:

Vulnerability #1: GO-2023-2382
    Denial of service via chunk extensions in net/http
  More info: https://pkg.go.dev/vuln/GO-2023-2382
  Standard library
    Found in: net/http/internal@go1.21.4
    Fixed in: net/http/internal@go1.21.5

so I think we should bump Go versions in a separate PR

@rootulp rootulp enabled auto-merge (squash) December 12, 2023 16:56
@rootulp
Collaborator

rootulp commented Dec 13, 2023

The mempool tests are so flakey 😢

@rootulp rootulp merged commit 6462a74 into celestiaorg:main Dec 13, 2023
13 of 15 checks passed

gitpoap-bot bot commented Dec 13, 2023

Congrats, your important contribution to this open-source project has earned you a GitPOAP!

GitPOAP: 2023 Celestia Contributor:


Head to gitpoap.io & connect your GitHub account to mint!

Learn more about GitPOAPs here.

Successfully merging this pull request may close these issues.

Consider bumping net/http to resolve govulncheck