chore: bump golang net and grpc lib to secure version #49

j75689 · 2023-11-13T06:22:37Z

Description

bump golang net and grpc lib to secure version
https://github.com/bnb-chain/greenfield-cometbft/actions/runs/6729943597/job/18291711132?pr=47

Rationale

Vulnerability #1: GO-2023-2102
    HTTP/2 rapid reset can cause excessive work in net/http
  More info: https://pkg.go.dev/vuln/GO-2023-2102
  Module: golang.org/x/net
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]

Vulnerability #1: GO-2023-2153
    denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc
  More info: https://pkg.go.dev/vuln/GO-2023-2153
  Module: google.golang.org/grpc
    Found in: google.golang.org/[email protected]
    Fixed in: google.golang.org/[email protected]

Example

n/a

Changes

Notable changes:

deps

j75689 added 2 commits November 13, 2023 14:21

chore: bump golang net and grpc lib to secure version

c14f930

chore: update change log

c5699e2

unclezoro approved these changes Nov 13, 2023

View reviewed changes

keefel approved these changes Nov 13, 2023

View reviewed changes

j75689 added this pull request to the merge queue Nov 13, 2023

Merged via the queue into bnb-chain:develop with commit 9c668b7 Nov 13, 2023
15 checks passed

j75689 deleted the chore/update_dep branch November 13, 2023 06:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bump golang net and grpc lib to secure version #49

chore: bump golang net and grpc lib to secure version #49

j75689 commented Nov 13, 2023

chore: bump golang net and grpc lib to secure version #49

chore: bump golang net and grpc lib to secure version #49

Conversation

j75689 commented Nov 13, 2023

Description

Rationale

Example

Changes