build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0. #2586
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
This issue is currently awaiting triage. If kube-state-metrics contributors determine this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: liangyuanpeng The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
size/XS
Signed-off-by: Lan Liang <[email protected]>
liangyuanpeng
force-pushed
the
fix_cves
branch
from
8aee0b5 to
759a261
Compare
liangyuanpeng
changed the title
|
How is x/net affected by it? the GHSA only lists x/crypto |
|
@mrueg |
Thanks for the clarification. It doesn't look like ksm is affected though. See: https://github.com/kubernetes/kube-state-metrics/actions/runs/12738421282 |
|
Closing due to ksm are not affected. |
What this PR does / why we need it:
bump golang.org/x/net from 0.32.0 to 0.33.0 for address
CVE-2024-45337CVE-2024-45338golang.org/x/crypto had bump to 0.31.0
/cc @mrueg @dashpole
How does this change affect the cardinality of KSM: (increases, decreases or does not change cardinality)
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #2585