dependency: Bumps golang.org/x/image from 0.11.0 to 0.18.0 #18366

ivanvc · 2024-07-25T22:16:52Z

Although our code is not vulnerable to GO-2024-2937/CVE-2024-24792, it is reported in the OpenSSF Scorecard.

Initially opened by dependabot (#18237). But I don't have permission to re-open the pull request.

Part of #18362.

Signed-off-by: Ivan Valdes <[email protected]>

ahrtr · 2024-07-26T06:21:21Z

/test pull-etcd-integration-1-cpu-amd64

ahrtr · 2024-07-26T06:25:23Z

gonum.org/v1/plot already resolved GO-2024-2937 / CVE-2024-24792 by bumping the golang.org/x/image to v0.18.0.
gonum/plot@69eb92b

k8s-ci-robot · 2024-07-26T06:25:39Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahrtr, ivanvc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

dependency: Bumps golang.org/x/image from 0.11.0 to 0.18.0

89551e1

Signed-off-by: Ivan Valdes <[email protected]>

k8s-ci-robot added area/performance area/tooling size/S labels Jul 25, 2024

ahrtr approved these changes Jul 26, 2024

View reviewed changes

k8s-ci-robot added the approved label Jul 26, 2024

ahrtr added the stage/merge-when-tests-green label Jul 26, 2024

ahrtr merged commit 94d4744 into etcd-io:main Jul 26, 2024
46 checks passed

ivanvc deleted the update-golang.org-x-image-to-0.18.0 branch July 26, 2024 14:39

Provide feedback