[release-1.4] build(deps): bump golang.org/x/net from 0.43.0 to 0.44.0 #4131
Conversation
|
Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
do-not-merge/release-note-label-needed
k8s-ci-robot
added
the
size/M
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.43.0 to 0.44.0. - [Commits](golang/net@v0.43.0...v0.44.0)
k8s-infra-cherrypick-robot
force-pushed
the
cherry-pick-4108-to-release-1.4
branch
from
67ffd44 to
22c5205
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: k8s-infra-cherrypick-robot The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
lgtm
|
Sorry, I missed this before I cut the RC. Are there any snags we anticipate, one way or the other? |
|
nah, per the changelog it seems more like improvements on tests packages and also on http2 and http context (golang/net@v0.43.0...v0.44.0) The point IMO is as we don't really ship controllers, etc we are fine so no need to cherry-pick (unless we strongly feels this would impact on the conformance tests of this release, which I don't think so) |
|
I am closing this one for now. The library is not causing any security issue and we shouldn't need it. Also, as Gateway API is a consumable library that doesn't implement any controller, consumers should be the ones responsible of bumping their local libraries in case a CVE is found |
This is an automated cherry-pick of #4108
/assign robscott