Posted to github@beam.apache.org by "W0lfier (via GitHub)" <gi...@apache.org> on 2023/03/16 20:24:30 UTC

[GitHub] [beam] W0lfier opened a new pull request, #25870: fix(sec): upgrade golang.org/x/net to 0.7.0

W0lfier opened a new pull request, #25870:
URL: https://github.com/apache/beam/pull/25870

   ### What happened?
   There is 1 security vulnerability found in golang.org/x/net v0.0.0-20221014081412-f15817d10f9b
   - [CVE-2022-41723](https://www.oscs1024.com/hd/CVE-2022-41723)
   
   
   ### What did I do?
   Upgrade golang.org/x/net from v0.0.0-20221014081412-f15817d10f9b to 0.7.0 for vulnerability fix
   
   ### What did you expect to happen?
   Ideally, no insecure libs should be used.
   
   ### The specification of the pull request
   [PR Specification](https://www.oscs1024.com/docs/pr-specification/) from OSCS


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [beam] github-actions[bot] commented on pull request #25870: fix(sec): upgrade golang.org/x/net to 0.7.0

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #25870:
URL: https://github.com/apache/beam/pull/25870#issuecomment-1561751993

   Assigning reviewers. If you would like to opt out of this review, comment `assign to next reviewer`:
   
   R: @tvalentyn added as fallback since no labels match configuration
   
   Available commands:
   - `stop reviewer notifications` - opt out of the automated review tooling
   - `remind me after tests pass` - tag the comment author after tests pass
   - `waiting on author` - shift the attention set back to the author (any comment or push by the author will return the attention set to the reviewers)
   
   The PR bot will only process comments in the main thread (not review comments).




[GitHub] [beam] damccorm commented on pull request #25870: fix(sec): upgrade golang.org/x/net to 0.7.0

Posted by "damccorm (via GitHub)" <gi...@apache.org>.
damccorm commented on PR #25870:
URL: https://github.com/apache/beam/pull/25870#issuecomment-1640367148

   This upgrade has happened independently of this PR - https://github.com/apache/beam/blob/29ea1e2f804258689c8aeafa0df2261be9b205b2/playground/backend/go.mod#L78 - so I'm closing this one. If that seems wrong, please comment or reopen.




[GitHub] [beam] tvalentyn commented on pull request #25870: fix(sec): upgrade golang.org/x/net to 0.7.0

Posted by "tvalentyn (via GitHub)" <gi...@apache.org>.
tvalentyn commented on PR #25870:
URL: https://github.com/apache/beam/pull/25870#issuecomment-1574326845

   waiting on author




[GitHub] [beam] github-actions[bot] commented on pull request #25870: fix(sec): upgrade golang.org/x/net to 0.7.0

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #25870:
URL: https://github.com/apache/beam/pull/25870#issuecomment-1573640255

   Reminder, please take a look at this pr: @tvalentyn 




[GitHub] [beam] tvalentyn commented on pull request #25870: fix(sec): upgrade golang.org/x/net to 0.7.0

Posted by "tvalentyn (via GitHub)" <gi...@apache.org>.
tvalentyn commented on PR #25870:
URL: https://github.com/apache/beam/pull/25870#issuecomment-1563503354

   @W0lfier thanks for the contribution and apologies for the delay, but hey we've got a review bot now to make sure PRs don't slip through the cracks!
   
   Could you please rebase the change?




[GitHub] [beam] damccorm closed pull request #25870: fix(sec): upgrade golang.org/x/net to 0.7.0

Posted by "damccorm (via GitHub)" <gi...@apache.org>.
damccorm closed pull request #25870: fix(sec): upgrade golang.org/x/net to 0.7.0
URL: https://github.com/apache/beam/pull/25870

