k8s-infra-cherrypick-robot
Contributor

This is an automated cherry-pick of #4108

/assign robscott

@k8s-ci-robot
Contributor

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Sep 26, 2025
@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Sep 26, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: k8s-infra-cherrypick-robot
Once this PR has been reviewed and has the lgtm label, please ask for approval from robscott. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rikatz
Member

rikatz commented Sep 26, 2025

/release-note none
/lgtm
/cc @robscott @shaneutt do we want to push this to v1.4 even with it just having had its rc2 released?

otherwise we can close this :)

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 26, 2025
@shaneutt
Member

Sorry, I missed this before I cut the RC. Are there any snags we anticipate, one way or the other?

@rikatz
Member

rikatz commented Sep 26, 2025

nah, per the changelog it seems more like improvements to test packages and also to http2 and http context (golang/net@v0.43.0...v0.44.0)

The point IMO is that, as we don't really ship controllers, etc., we are fine, so no need to cherry-pick (unless we strongly feel this would impact the conformance tests of this release, which I don't think it would)

@rikatz
Member

rikatz commented Oct 2, 2025

I am closing this one for now. The library is not causing any security issue and we shouldn't need it.

Also, as Gateway API is a consumable library that doesn't implement any controller, consumers should be the ones responsible for bumping their local libraries in case a CVE is found.

~/go/bin/govulncheck ./...
No vulnerabilities found.
