Skip to content

Commit

Permalink
[RHOAIENG-5305] - golang.org/x/net Allocation of Resources Without Li…
Browse files Browse the repository at this point in the history
…mits or Throttling

chore: Fixes [CVE-2023-45288](https://www.cve.org/CVERecord?id=CVE-2023-45288)

Signed-off-by: Spolti <fspolti@redhat.com>
  • Loading branch information
spolti committed Apr 12, 2024
1 parent 1d5a0ed commit fe195fa
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 80 deletions.
11 changes: 7 additions & 4 deletions qpext/go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -50,12 +50,12 @@ require (
go.uber.org/atomic v1.11.0 // indirect
go.uber.org/automaxprocs v1.5.2 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/net v0.21.0 // indirect
golang.org/x/oauth2 v0.8.0 // indirect
golang.org/x/sync v0.2.0 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/term v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/sys v0.18.0 // indirect
golang.org/x/term v0.18.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.3.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
google.golang.org/api v0.122.0 // indirect
Expand All @@ -78,3 +78,6 @@ require (
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

// Fixes CVE-2023-45288
replace golang.org/x/net => golang.org/x/net v0.23.0
Loading

0 comments on commit fe195fa

Please sign in to comment.