Upgrade go.mod package versions #210

VaniHaripriya · 2024-07-16T19:06:15Z

Description of your changes:
Resolves RHOAIENG-7309

Implemented fixes on my fork and imported in my personal snyk account and made sure CVEs are eliminated. Also updated the license CSVs.

Checklist:

gmfrasca · 2024-07-16T20:23:40Z

go.mod

+	golang.org/x/net v0.17.0 => golang.org/x/net v0.23.0
+	golang.org/x/net v0.21.0 => golang.org/x/net v0.23.0


at some point we should figure out why we're requiring v0.17.0 and v0.21.0 just to replace with v0.23.0

+1, these could be combined into one statement replacing 0.17.0 with 0.23.0.

snyk created a CVE for 0.21.0 version, when I added only one statement to replace 0.17.0 with 0.23.0.

DharmitD

/lgtm

gmfrasca · 2024-07-25T19:30:57Z

/hold, investigating backend integration test failure

gmfrasca · 2024-07-26T20:25:24Z

/unhold, lgtm

VaniHaripriya force-pushed the RHOAIENG-7310-New-CVE-Fix branch from f9df218 to 3be7f77 Compare July 16, 2024 19:07

Upgrade go.mod package versions

8399a2f

VaniHaripriya force-pushed the RHOAIENG-7310-New-CVE-Fix branch from 3be7f77 to 8399a2f Compare July 16, 2024 19:09

gmfrasca reviewed Jul 16, 2024

View reviewed changes

DharmitD reviewed Jul 25, 2024

View reviewed changes

gmfrasca approved these changes Jul 25, 2024

View reviewed changes

gmfrasca merged commit 2b77f5a into opendatahub-io:master Jul 26, 2024
11 of 13 checks passed

Provide feedback

		golang.org/x/net v0.17.0 => golang.org/x/net v0.23.0
		golang.org/x/net v0.21.0 => golang.org/x/net v0.23.0