[RHOAIENG-5305] - golang.org/x/net Allocation of Resources Without Li…

…mits or Throttling chore: Fixes [CVE-2023-45288](https://www.cve.org/CVERecord?id=CVE-2023-45288) Signed-off-by: Spolti <[email protected]>
opendatahub-io · Apr 12, 2024 · b620f19 · b620f19
1 parent 1d5a0ed
commit b620f19
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 80 deletions.
diff --git a/qpext/go.mod b/qpext/go.mod
@@ -50,12 +50,12 @@ require (
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/automaxprocs v1.5.2 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
 	golang.org/x/oauth2 v0.8.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/term v0.13.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/term v0.18.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/api v0.122.0 // indirect
@@ -78,3 +78,6 @@ require (
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
+
+// Fixes CVE-2023-45288
+replace golang.org/x/net => golang.org/x/net v0.23.0