]> source.dussan.org Git - gitea.git/commit
projects / gitea.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 07bcfc1) | patch
Upgrade `golang.org/x/net` to v0.24.0 (#30283)
authorsilverwind <me@silverwind.io>
Fri, 5 Apr 2024 02:45:59 +0000 (04:45 +0200)
committerGitHub <noreply@github.com>
Fri, 5 Apr 2024 02:45:59 +0000 (02:45 +0000)
commit95504045cceee9d60ff5d2eeb32cd30213b52322
tree80fc6c4a8d3a20027166f7a2ea6b8737ea1e6f5btree | snapshot
parent07bcfc171bcccfe78a86c7b4b3f9b729ba7d60b6commit | diff
Upgrade `golang.org/x/net` to v0.24.0 (#30283)

Result of `go get -u golang.org/x/net; make tidy`.

This is related to the following vulncheck warning:
```
There are 2 vulnerabilities in modules that you require that are
neither imported nor called. You may not need to take any action.
See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck for details.

Vulnerability #1: GO-2024-2687
    HTTP/2 CONTINUATION flood in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2687
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.22.0
    Fixed in: golang.org/x/net@v0.23.0

Vulnerability #2: GO-2022-0470
    No access control in github.com/blevesearch/bleve and bleve/v2
  More info: https://pkg.go.dev/vuln/GO-2022-0470
  Module: github.com/blevesearch/bleve/v2
    Found in: github.com/blevesearch/bleve/v2@v2.3.10
    Fixed in: N/A
```
go.mod diff | blob | history
go.sum diff | blob | history
Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea