open-consul/.changelog/18186.txt at de28b7fdcea8eb9c261e13e90fac7a8d1e31e5a3 - luxolus/open-consul - Stateless Git Forge

luxolus/open-consul

hc-github-team-consul-core 7aef7ebc42

Backport of [NET-4865] Bump golang.org/x/net to 0.12.0 into release/1.16.x (#18189 )

Bump golang.org/x/net to 0.12.0

While not necessary to directly address CVE-2023-29406 (which should be
handled by using a patched version of Go when building), an
accompanying change to HTTP/2 error handling does impact agent code.

See https://go-review.googlesource.com/c/net/+/506995 for the HTTP/2
change.

Bump this dependency across our submodules as well for the sake of
potential indirect consumers of `x/net/http`.

Manual backport of 84cbf09185ebfc59f9fcf486d1c4983ef129bf95.

2023-07-19 12:22:18 -04:00

4 lines

131 B

Plaintext

Raw Blame History

	```release-note:security
	`Upgrade golang.org/x/net to address [CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406)`
	```