Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Address GO-2024-2687 #5359

Merged
merged 4 commits into from
Apr 4, 2024
Merged

Conversation

MrAlias
Copy link
Contributor

@MrAlias MrAlias commented Apr 4, 2024

  • The latest releases of Go 1.22 and 1.21 contain security fix for net/http. Explicitly set the CI system to not use vulnerable versions when testing so our vulnerable checker does not fail (and we aren't vulnerable).
  • Upgrade all dependencies of golang.org/x/net to v0.23.0

Copy of open-telemetry/opentelemetry-go#5139

@MrAlias MrAlias force-pushed the fix-GO-2024-2687 branch from 6c9c542 to ce3aeea Compare April 4, 2024 13:59
@MrAlias MrAlias marked this pull request as ready for review April 4, 2024 14:25
@MrAlias MrAlias requested a review from dashpole as a code owner April 4, 2024 14:25
@MrAlias MrAlias requested a review from a team April 4, 2024 14:25
@pellared
Copy link
Member

pellared commented Apr 4, 2024

Merging as a security (and build) fix.

@pellared pellared merged commit d1c5f88 into open-telemetry:main Apr 4, 2024
23 checks passed
@pellared pellared added this to the untracked milestone Nov 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants