Update golang.org/x/net package
What does this MR do and why?
Bumps the version to 0.33.0 to fix CVE-2024-45338. We don't appear to be directly vulnerable but upgrading nonetheless.
References
Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.
- https://gitlab.com/gitlab-org/gitlab/-/security/vulnerabilities/154523094
- The fix https://go-review.googlesource.com/c/net/+/637536
- Only major changes since 0.33.0 seem to be additions, no breaking changes https://pkg.go.dev/golang.org/x/net/html?tab=versions
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
N/A
How to set up and validate locally
N/A
Activity
changed milestone to %17.8
added bugvulnerability security-fix-in-public labels
assigned to @dcouture
added typebug label
removed typebug label
removed bugvulnerability label
added pipelinetier-1 label
- A deleted user
added bugvulnerability typebug labels
Reviewer roulette
Category: workhorse
Reviewer: @ghinfey (UTC+0, 1 hour behind author)
Maintainer: @patrickbajao (UTC+8, 7 hours ahead of author)
Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.
If needed, you can retry the danger-review job that generated this comment.
Generated by Danger
- Resolved by Igor Drozdov
@schin1 can you review this version bump for golang.org/x/net please? Thanks!
requested review from @schin1
added pipeline:mr-approved label
added pipelinetier-3 pipeline:run-e2e-omnibus-once labels and removed pipelinetier-1 label
Before you set this MR to auto-merge
This merge request will progress on pipeline tiers until it reaches the last tier: pipelinetier-3. We will trigger a new pipeline for each transition to a higher tier.
Before you set this MR to auto-merge, please check the following:
- You are the last maintainer of this merge request
- The latest pipeline for this merge request is pipelinetier-3 (You can find which tier it is in the pipeline name)
- This pipeline is recent enough (created in the last 8 hours)
If all the criteria above apply, please set auto-merge for this merge request.
See pipeline tiers and merging a merge request for more details.
@igor.drozdov could I pass this to you for a maintainer review please?
requested review from @igor.drozdov and removed review request for @schin1
E2E Test Result Summary
allure-report-publisher generated test report!
e2e-test-on-gdk:
test report for 776e269a
+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Plan        | 82     | 0      | 8       | 0     | 90    | ✅      |
| Create      | 135    | 0      | 20      | 0     | 155   | ✅      |
| Govern      | 80     | 0      | 12      | 0     | 92    | ✅      |
| Verify      | 50     | 0      | 16      | 0     | 66    | ✅      |
| Data Stores | 33     | 0      | 10      | 0     | 43    | ✅      |
| Monitor     | 8      | 0      | 12      | 0     | 20    | ✅      |
| Package     | 25     | 0      | 13      | 0     | 38    | ✅      |
| ModelOps    | 0      | 0      | 1       | 0     | 1     | ➖      |
| Configure   | 0      | 0      | 3       | 0     | 3     | ➖      |
| Fulfillment | 2      | 0      | 7       | 0     | 9     | ✅      |
| Release     | 5      | 0      | 1       | 0     | 6     | ✅      |
| Analytics   | 2      | 0      | 0       | 0     | 2     | ✅      |
| Manage      | 1      | 0      | 9       | 0     | 10    | ✅      |
| Secure      | 4      | 0      | 3       | 0     | 7     | ✅      |
| Ai-powered  | 0      | 0      | 2       | 0     | 2     | ➖      |
| Growth      | 0      | 0      | 2       | 0     | 2     | ➖      |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 427    | 0      | 119     | 0     | 546   | ✅      |
+-------------+--------+--------+---------+-------+-------+--------+
e2e-test-on-omnibus:
test report for 776e269a
+---------------------------------------------------------------------+
|                           suites summary                            |
+----------------+--------+--------+---------+-------+-------+--------+
|                | passed | failed | skipped | flaky | total | result |
+----------------+--------+--------+---------+-------+-------+--------+
| Plan           | 83     | 0      | 8       | 0     | 91    | ✅      |
| Create         | 563    | 0      | 77      | 3     | 640   | ✅      |
| Verify         | 51     | 0      | 15      | 0     | 66    | ✅      |
| Govern         | 110    | 0      | 8       | 0     | 118   | ✅      |
| Data Stores    | 46     | 0      | 11      | 0     | 57    | ✅      |
| Package        | 32     | 0      | 13      | 0     | 45    | ✅      |
| Manage         | 25     | 0      | 20      | 0     | 45    | ✅      |
| GitLab Metrics | 2      | 0      | 1       | 0     | 3     | ✅      |
| Analytics      | 3      | 0      | 0       | 0     | 3     | ✅      |
| Systems        | 6      | 0      | 1       | 0     | 7     | ✅      |
| Release        | 5      | 0      | 1       | 0     | 6     | ✅      |
| Monitor        | 12     | 0      | 13      | 0     | 25    | ✅      |
| Fulfillment    | 4      | 0      | 7       | 1     | 11    | ✅      |
| Configure      | 1      | 0      | 3       | 0     | 4     | ✅      |
| Secure         | 5      | 0      | 3       | 0     | 8     | ✅      |
| Ai-powered     | 1      | 0      | 2       | 0     | 3     | ✅      |
| ModelOps       | 0      | 0      | 1       | 0     | 1     | ➖      |
| Growth         | 0      | 0      | 2       | 0     | 2     | ➖      |
+----------------+--------+--------+---------+-------+-------+--------+
| Total          | 949    | 0      | 186     | 4     | 1135  | ✅      |
+----------------+--------+--------+---------+-------+-------+--------+
removed pipeline:run-e2e-omnibus-once label
started a merge train
mentioned in commit 1a356bf1
added workflowstaging-canary label
added workflowcanary label and removed workflowstaging-canary label
added workflowproduction label and removed workflowcanary label
added security-fix-in-public workflowstaging labels and removed security-fix-in-public workflowproduction labels
added security-fix-in-public workflowpost-deploy-db-staging labels and removed security-fix-in-public workflowstaging labels
added workflowpost-deploy-db-production label and removed workflowpost-deploy-db-staging label
added releasedcandidate security-fix-in-public labels and removed security-fix-in-public label
added releasedpublished label and removed releasedcandidate label