Skip to content

fix: bump golang.org/x/net to v0.38.0 (fixes CVE-2025-22870 & CVE-2025-22872)#2641

Merged
k8s-ci-robot merged 3 commits intokubernetes:mainfrom
ricardbejarano:main
Mar 31, 2025
Merged

fix: bump golang.org/x/net to v0.38.0 (fixes CVE-2025-22870 & CVE-2025-22872)#2641
k8s-ci-robot merged 3 commits intokubernetes:mainfrom
ricardbejarano:main

Conversation

@ricardbejarano
Copy link
Copy Markdown
Contributor

@ricardbejarano ricardbejarano commented Mar 29, 2025

What this PR does / why we need it:
Fixes CVE-2025-22870.

How does this change affect the cardinality of KSM:
Does not change cardinality.

Which issue(s) this PR fixes:
Replaces #2636.

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Mar 29, 2025
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 29, 2025

This issue is currently awaiting triage.

If kube-state-metrics contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 29, 2025

Welcome @ricardbejarano!

It looks like this is your first PR to kubernetes/kube-state-metrics 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/kube-state-metrics has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Mar 29, 2025
mrueg
mrueg reviewed Mar 29, 2025
View reviewed changes
Comment thread go.mod Outdated
@ricardbejarano ricardbejarano changed the title fix: bump golang.org/x/net to v0.36.0 (fixes CVE-2025-22870) fix: bump golang.org/x/net to v0.38.0 (fixes CVE-2025-22870 & CVE-2025-22872) Mar 30, 2025
@ricardbejarano
go mod tidy
4f62f0f 
Signed-off-by: Ricard Bejarano <ricard@bejarano.io>
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 31, 2025
@CatherineF-dev
Copy link
Copy Markdown
Contributor

CatherineF-dev commented Mar 31, 2025

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 31, 2025
@mrueg
Copy link
Copy Markdown
Member

mrueg commented Mar 31, 2025

/lgtm

Thanks!

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 31, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: CatherineF-dev, mrueg, ricardbejarano

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 31, 2025
@k8s-ci-robot k8s-ci-robot merged commit ffd8f41 into kubernetes:main Mar 31, 2025
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrueg mrueg mrueg left review comments

@CatherineF-dev CatherineF-dev Awaiting requested review from CatherineF-dev

@logicalhan logicalhan Awaiting requested review from logicalhan

Assignees

@mrueg mrueg

@CatherineF-dev CatherineF-dev

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ricardbejarano @k8s-ci-robot @CatherineF-dev @mrueg