Skip to content

Fix: CVE-2025-22870 #792

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 10, 2025
Merged

Fix: CVE-2025-22870 #792

merged 2 commits into from
Apr 10, 2025

Conversation

iPraveenParihar
Copy link
Member

@iPraveenParihar iPraveenParihar commented Apr 10, 2025
edited
Loading

This commit addresses the CVE-2025-22870.

URL: GHSA-qxp5-gwg8-xv66
Fix Resolution: upgrade to version > v0.39.0

@mergify mergify bot added the vendor Pull requests that update vendored dependencies label Apr 10, 2025
@iPraveenParihar iPraveenParihar marked this pull request as ready for review April 10, 2025 09:35
black-dragon74
black-dragon74 previously approved these changes Apr 10, 2025
View reviewed changes
@iPraveenParihar
rebase: update golang.org/x/net to v0.39.0
f355080 
This commit addresses the CVE-2025-22870.

url: GHSA-qxp5-gwg8-xv66
fix resolution: upgrade to version > v0.36.0

Signed-off-by: Praveen M <[email protected]>
@iPraveenParihar
rebase: update golang.org/x/net to v0.39.0 in /tools
b398b3e 
This commit addresses the CVE-2025-22870.

url: GHSA-qxp5-gwg8-xv66
fix resolution: upgrade to version > v0.36.0

Signed-off-by: Praveen M <[email protected]>
@mergify mergify bot dismissed black-dragon74’s stale review April 10, 2025 09:54

Pull request has been modified.

@iPraveenParihar
Copy link
Member Author

noticed there is golang.org/x/[email protected] latest version.
PTAL again. Thanks!

@mergify mergify bot merged commit 6546fbb into csi-addons:main Apr 10, 2025
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@black-dragon74 black-dragon74 black-dragon74 approved these changes

@Rakshith-R Rakshith-R Rakshith-R approved these changes

@Madhu-1 Madhu-1 Awaiting requested review from Madhu-1

@Nikhil-Ladha Nikhil-Ladha Awaiting requested review from Nikhil-Ladha

@nixpanic nixpanic Awaiting requested review from nixpanic

@yati1998 yati1998 Awaiting requested review from yati1998

Assignees
No one assigned
Labels
vendor Pull requests that update vendored dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@iPraveenParihar @black-dragon74 @Rakshith-R