chore: update golang.org/x/net dep to avoid vulnerability (#1481)

* chore: update golang.org/x/net dep to avoid vulnerability * chore: release prep for patch version * chore: removed stray newline
Kong · Dec 24, 2024 · f73569d · f73569d
1 parent 63fd4c7
commit f73569d
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,6 @@
 # Table of Contents
 
+- [v1.42.1](#v1421)
 - [v1.42.0](#v1420)
 - [v1.41.4](#v1414)
 - [v1.41.3](#v1413)
@@ -102,6 +103,14 @@
 - [v0.2.0](#v020)
 - [v0.1.0](#v010)
 
+## [v1.42.1]
+> Release date: 2024/12/24
+
+### Fixed
+- Updated `golang.org/x/net` to version `v0.33.0` to account for
+vulnerability [CVE-2024-45338](https://avd.aquasec.com/nvd/2024/cve-2024-45338/)
+[#1481](https://github.com/Kong/deck/pull/1481)
+
 ## [v1.42.0]
 > Release date: 2024/12/13
 
@@ -1914,6 +1923,7 @@ No breaking changes have been introduced in this release.
 
 Debut release of decK
 
+[v1.42.1]: https://github.com/Kong/deck/compare/v1.42.0...v1.42.1
 [v1.42.0]: https://github.com/Kong/deck/compare/v1.41.4...v1.42.0
 [v1.41.4]: https://github.com/Kong/deck/compare/v1.41.3...v1.41.4
 [v1.41.3]: https://github.com/Kong/deck/compare/v1.41.2...v1.41.3

diff --git a/README.md b/README.md
@@ -73,7 +73,7 @@ the GitHub [release page](https://github.com/kong/deck/releases)
 or install by downloading the binary:
 
 ```shell
-$ curl -sL https://github.com/kong/deck/releases/download/v1.42.0/deck_1.42.0_linux_amd64.tar.gz -o deck.tar.gz
+$ curl -sL https://github.com/kong/deck/releases/download/v1.42.1/deck_1.42.1_linux_amd64.tar.gz -o deck.tar.gz
 $ tar -xf deck.tar.gz -C /tmp
 $ sudo cp /tmp/deck /usr/local/bin/
 ```
@@ -84,7 +84,7 @@ If you are on Windows, you can download the binary from the GitHub
 [release page](https://github.com/kong/deck/releases) or via PowerShell:
 
 ```shell
-$ curl -sL https://github.com/kong/deck/releases/download/v1.42.0/deck_1.42.0_windows_amd64.tar.gz -o deck.tar.gz
+$ curl -sL https://github.com/kong/deck/releases/download/v1.42.1/deck_1.42.1_windows_amd64.tar.gz -o deck.tar.gz
 $ tar -xzvf deck.tar.gz
 ```
 

diff --git a/go.mod b/go.mod
@@ -188,7 +188,7 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
 	golang.org/x/mod v0.21.0 // indirect
-	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect
 	golang.org/x/term v0.27.0 // indirect
 	golang.org/x/text v0.21.0 // indirect

diff --git a/go.sum b/go.sum
@@ -522,8 +522,8 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
-golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
 golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=