-
Notifications
You must be signed in to change notification settings - Fork 193
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): bump golang.org/x/net from 0.10.0 to 0.14.0 #1927
chore(deps): bump golang.org/x/net from 0.10.0 to 0.14.0 #1927
Conversation
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.14.0. - [Commits](golang/net@v0.10.0...v0.14.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Hi @dependabot[bot]. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Update to 0.13 fixes CVE-2023-3978 in HTML rendering. I don't think this CSI driver renders any html, but dumb CVE scanners will hit it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/retest
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/retest
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: andyzhangx, dependabot[bot] The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Bumps golang.org/x/net from 0.10.0 to 0.14.0.
Commits
c8c0290
go.mod: update golang.org/x dependencies0b21d06
quic: framework for testing blocking operations4648651
quic: add -vv flag for more verbose tests60ae793
quic: don't send session ticketsa7da556
http2: optimize buffer allocation in transport167593b
quic: create and accept streams8ffa475
html: only render content literally in the HTML namespace63fe334
quic: gate and queue synchronization primitivesbd8ac9e
quic: fill out connection id handling08001cc
quic: debug logging of packetsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)