Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BCDA-7456: update golang.org/x/net to suggested version to resolve dependabot alerts #876

Merged
merged 1 commit into from
Oct 12, 2023
Merged

BCDA-7456: update golang.org/x/net to suggested version to resolve dependabot alerts #876

merged 1 commit into from
Oct 12, 2023

Conversation

alex-dzeda
Copy link
Contributor

@alex-dzeda alex-dzeda commented Oct 12, 2023
edited
Loading

Resolve Dependabot security alerts by updating indirect package dependencies for golang.org/x/net to v0.17.0

🎫 Ticket

https://jira.cms.gov/browse/BCDA-7456

🛠 Changes

Updated go.mod to reference a newer version of golang.org/x/net

ℹ️ Context for reviewers

There are currently 5 security alerts for bcda-app, 5 of which are related to golang.org/x/net being out of date.

✅ Acceptance Validation

CI flow continues to pass all tests after updating go.mod ✅

🔒 Security Implications

  • This PR adds a new software dependency or dependencies.
  • This PR modifies or invalidates one or more of our security controls.
  • This PR stores or transmits data that was not stored or transmitted before.
  • This PR requires additional review of its security implications for other reasons.

If any security implications apply, add Jason Ashbaugh (GitHub username: StewGoin) as a reviewer and do not merge this PR without his approval.

@alex-dzeda alex-dzeda changed the title BCDA-Pending: update golang.org/x/net to suggested version to resolve dependabot alerts BCDA-7456: update golang.org/x/net to suggested version to resolve dependabot alerts Oct 12, 2023
kyeah
kyeah approved these changes Oct 12, 2023
View reviewed changes
Copy link
Contributor

@kyeah kyeah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tests pass, so it's good enough for me 👍

@alex-dzeda alex-dzeda merged commit 840d9c7 into master Oct 12, 2023
1 check passed
@alex-dzeda alex-dzeda deleted the alex/netupdate branch October 12, 2023 17:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kyeah kyeah kyeah approved these changes

@karinamzalez karinamzalez Awaiting requested review from karinamzalez

@laurenkrugen-navapbc laurenkrugen-navapbc Awaiting requested review from laurenkrugen-navapbc

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alex-dzeda @kyeah