@stevenhorsman stevenhorsman commented Apr 28, 2025

Bump golang.org/x/net to 0.38.0 as dependabot
isn't doing it for these packages to remediate
GHSA-vvgc-356p-c3xw

@stevenhorsman stevenhorsman force-pushed the go-security-bump-april-25 branch from 90120fe to 815915d April 28, 2025 13:17
@katacontainersbot katacontainersbot added the size/tiny Smallest and simplest task label Apr 28, 2025
@@ -136,7 +136,7 @@ func PreStartHooks(ctx context.Context, spec specs.Spec, cid, bundlePath string)
return nil
}

return runHooks(ctx, spec, spec.Hooks.Prestart, cid, bundlePath, "pre-start")
return runHooks(ctx, spec, spec.Hooks.CreateRuntime, cid, bundlePath, "pre-start")
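
Review bot: The changed return line in PreStartHooks passes spec.Hooks.CreateRuntime while the function name and the last argument, "pre-start", still describe the old hook list, so whatever runHooks does with that label will name the wrong stage. Either pass a label that matches the list being run, or leave this function on spec.Hooks.Prestart and run the CreateRuntime list from its own entry point. With this line as written, hooks that a spec lists only under spec.Hooks.Prestart are no longer handed to runHooks from this function; if that is intended, say so in the commit message and cover it with a test.
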
Member

s/pre-start/create-runtime/ ?

Member Author

@stevenhorsman stevenhorsman Apr 28, 2025

I've swapped it to createRuntime #consistency. I decided that at that point I might as well route the call to CreateRuntimeHooks.

Member Author

I would suggest that maybe the whole PreStartHooks should be removed, but I don't understand the hooks well enough to make that call

Member Author

So the docker tests are failing now - which I think was where I got stuck last time I tried this 😞. I'm not sure whether to just ignore the deprecation warning for now?

Member

Just ignore the deprecation warning for now, please.

Member Author

Yeah, I'll do that on a follow-up PR. Thanks

@stevenhorsman stevenhorsman force-pushed the go-security-bump-april-25 branch 2 times, most recently from 2c3e12b to d0f003a April 28, 2025 14:04
Bump golang.org/x/net to 0.38.0 as dependabot
isn't doing it for these packages to remediate
CVE-2025-22872

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
@stevenhorsman stevenhorsman force-pushed the go-security-bump-april-25 branch from d0f003a to ed3cb65 April 29, 2025 08:46
@stevenhorsman
Member Author

I'm going to split out the runc bump for now to see if that helps the stability of the testing.

@stevenhorsman stevenhorsman force-pushed the go-security-bump-april-25 branch from ed3cb65 to bcffe93 April 29, 2025 10:25
@katacontainersbot katacontainersbot added size/small Small and simple task and removed size/tiny Smallest and simplest task labels Apr 29, 2025
@stevenhorsman stevenhorsman changed the title Go security bump april 25 versions: Bump golang.org/x/net Apr 29, 2025
Member

@fidencio fidencio left a comment

lgtm, thanks @stevenhorsman!

@stevenhorsman stevenhorsman requested a review from RuoqingHe May 1, 2025 08:06
Member

@RuoqingHe RuoqingHe left a comment

Looks good to me @stevenhorsman ❤️

@RuoqingHe RuoqingHe merged commit 33c69fc into kata-containers:main May 1, 2025
754 of 848 checks passed
@stevenhorsman stevenhorsman deleted the go-security-bump-april-25 branch June 11, 2025 09:00
Labels
ok-to-test size/small Small and simple task