]> source.dussan.org Git - gitea.git/commit
projects / gitea.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c8570b7) | patch
Upgrade `golang.org/x/net` to v0.24.0 (#30283) (#30286)
authorGiteabot <teabot@gitea.io>
Fri, 5 Apr 2024 03:31:04 +0000 (11:31 +0800)
committerGitHub <noreply@github.com>
Fri, 5 Apr 2024 03:31:04 +0000 (05:31 +0200)
commit1d77df82cfab7cfe6a2c2ac567a8297f1dbbad3b
tree19508bf7c384c7069f12bc7f6594299541708efdtree | snapshot
parentc8570b73afb443f8e4f07f0a26939f1ab5c18f94commit | diff
Upgrade `golang.org/x/net` to v0.24.0 (#30283) (#30286)

Backport #30283 by @silverwind

Result of `go get -u golang.org/x/net; make tidy`.

This is related to the following vulncheck warning:
```
There are 2 vulnerabilities in modules that you require that are
neither imported nor called. You may not need to take any action.
See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck for details.

Vulnerability #1: GO-2024-2687
    HTTP/2 CONTINUATION flood in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2687
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.22.0
    Fixed in: golang.org/x/net@v0.23.0

Vulnerability #2: GO-2022-0470
    No access control in github.com/blevesearch/bleve and bleve/v2
  More info: https://pkg.go.dev/vuln/GO-2022-0470
  Module: github.com/blevesearch/bleve/v2
    Found in: github.com/blevesearch/bleve/v2@v2.3.10
    Fixed in: N/A
```

Co-authored-by: silverwind <me@silverwind.io>
go.mod diff | blob | history
go.sum diff | blob | history
Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea