Patching 3 vulnerable go packages
What does this MR do?
Patches CVEs for multiple vulnerable GO packages.
Package | Vulnerabilities | Installed Version | Fixed Version |
---|---|---|---|
github.com/go-git/go-git/v5 | CVE-2023-49569, CVE-2023-49568 | v5.4.2 | v5.11.0 |
golang.org/x/net | CVE-2022-27664, CVE-2022-41721, CVE-2022-41723, CVE-2023-39325 | v0.0.0-20220708220712-1185a9018129 | v0.17.0 |
What are the relevant issue numbers?
Will follow up once created.
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests updated/added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Matthew Haag