From 77bf0282a75b7b6d9be53620f8f9636d30868f19 Mon Sep 17 00:00:00 2001 From: Lucas Bajolet Date: Fri, 20 Dec 2024 11:07:02 -0500 Subject: [PATCH] go.mod: bump golang.org/x/net to v0.33.0 The version of golang.org/x/net that we're using (v0.25.0) is vulnerable to GO-2024-3333, a DoS vulnerability. Packer is not particularly vulnerable to this, as we are not a hosted service, but since security scanners report this, and the fix is rather simple, we address it today. --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index c888a7532f9..f2884feaba1 100644 --- a/go.mod +++ b/go.mod @@ -45,7 +45,7 @@ require ( github.com/zclconf/go-cty-yaml v1.0.1 golang.org/x/crypto v0.31.0 // indirect golang.org/x/mod v0.17.0 - golang.org/x/net v0.25.0 + golang.org/x/net v0.33.0 golang.org/x/oauth2 v0.15.0 golang.org/x/sync v0.10.0 golang.org/x/sys v0.28.0 // indirect diff --git a/go.sum b/go.sum index a92f04890a1..ab8f31a1808 100644 --- a/go.sum +++ b/go.sum @@ -603,6 +603,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ= golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=