Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump golang.org/x/net to v0.34.0 #2017

Merged
merged 2 commits into from
Feb 4, 2025
Merged

Bump golang.org/x/net to v0.34.0 #2017

merged 2 commits into from
Feb 4, 2025

Conversation

eualin
Copy link
Contributor

@eualin eualin commented Jan 21, 2025
edited
Loading

Bumps the golang.org/x/net package to mitigate the CVE-2024-45338 vulnerability.

@eualin eualin requested a review from a team as a code owner January 21, 2025 22:54
@hashicorp-cla-app HashiCorp CLA App
Copy link

hashicorp-cla-app bot commented Jan 21, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

srahul3
srahul3 approved these changes Jan 22, 2025
View reviewed changes
Copy link

@srahul3 srahul3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ LGTM

@eualin eualin changed the title Bump golang.org/x/net Bump golang.org/x/net to v0.34.0 Jan 22, 2025
@eualin
Copy link
Contributor Author

eualin commented Jan 23, 2025

@xwa153, @jmurret - May I ask for a quick review? Also, what's the process of cutting a new release? Happy to assist in any way possible should that help speed up the vulnerability mitigation.

dduzgun-security
dduzgun-security previously approved these changes Jan 27, 2025
View reviewed changes
Copy link

@dduzgun-security dduzgun-security left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thank you for your contribution.

srahul3
srahul3 previously approved these changes Jan 30, 2025
View reviewed changes
Copy link

@srahul3 srahul3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ LGTM

@KisanK79
Copy link

KisanK79 commented Feb 1, 2025

@here Can we fix and merge this early?

@eualin eualin dismissed stale reviews from srahul3 and dduzgun-security via faf8404 February 3, 2025 13:22
@eualin
Copy link
Contributor Author

eualin commented Feb 3, 2025

I tried to fix the lint errors.
Command make lint succeeds locally.
@dduzgun-security, can you please trigger a new build?

@eualin
Copy link
Contributor Author

eualin commented Feb 3, 2025

Linting succeeds now but we get another (ephemeral ?) connection refused error:

panic: Post "http://127.0.0.1:8200/v1/sys/auth/approle": dial tcp 127.0.0.1:8200: connect: connection refused

Any hints?

@dduzgun-security
Copy link

dduzgun-security commented Feb 3, 2025
edited
Loading

@eualin thank you for your patience on that PR, I pinged the team to take a look into this. Looks like the CI test-case calling vault is having a connection refused. cc: @sreeram77

sreeram77
sreeram77 approved these changes Feb 4, 2025
View reviewed changes
Copy link
Member

@sreeram77 sreeram77 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!
The test cases have been flaky for a while. I've kept a note of it and will check it later.

@sreeram77 sreeram77 merged commit f33df88 into hashicorp:main Feb 4, 2025
27 of 29 checks passed
@KisanK79
Copy link

KisanK79 commented Feb 4, 2025
edited
Loading

@sreeram77 What is the release process and when can we expect new TAG with this change?

@ayodejidev
Copy link

Hi @sreeram77 could you have a look at this PR #1905 as well ? It will be nice to get a comment from the team if the change will be merged or no. Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sreeram77 sreeram77 sreeram77 approved these changes

@srahul3 srahul3 srahul3 left review comments

@dduzgun-security dduzgun-security Awaiting requested review from dduzgun-security

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@eualin @KisanK79 @dduzgun-security @ayodejidev @sreeram77 @srahul3