Update Go dependencies
What critical bug this MR is fixing?
This resolves a number of CVEs:
Name | Severity | Package |
---|---|---|
CVE-2023-39325 | High | golang.org/x/net |
CVE-2023-48795 | High | golang.org/x/crypto |
CVE-2023-3978 | Medium | golang.org/x/net |
CVE-2023-44487 | Medium | golang.org/x/net |
How does this change help reduce cost of usage? What scale of cost reduction is it?
Vendors flag this binary as vulnerable, and the cost is in our time answering whether we will address the issue.
In what scenarios is this change usable with GitLab Runner's docker+machine executor?
Change affects HTTP client in executor. Should not see any differences.
Edited by Stan Hu