From 386a84ad59802920525a8d8e8d43862839bfad92 Mon Sep 17 00:00:00 2001 From: ankur22 Date: Thu, 19 Dec 2024 11:32:42 +0000 Subject: [PATCH 1/2] Update to the latest version of golang.org/x/net --- go.mod | 2 +- go.sum | 4 ++-- vendor/golang.org/x/net/html/doctype.go | 2 +- vendor/golang.org/x/net/html/foreign.go | 3 +-- vendor/golang.org/x/net/html/parse.go | 8 ++++++-- vendor/modules.txt | 2 +- 6 files changed, 12 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index e64052dee1f..f3778f6060c 100644 --- a/go.mod +++ b/go.mod @@ -48,7 +48,7 @@ require ( go.uber.org/goleak v1.3.0 golang.org/x/crypto v0.31.0 golang.org/x/crypto/x509roots/fallback v0.0.0-20240806160748-b2d3a6a4b4d3 - golang.org/x/net v0.32.0 + golang.org/x/net v0.33.0 golang.org/x/term v0.27.0 golang.org/x/time v0.8.0 google.golang.org/grpc v1.67.1 diff --git a/go.sum b/go.sum index d2b982b63bc..4e9a3c72dbf 100644 --- a/go.sum +++ b/go.sum @@ -259,8 +259,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= diff --git a/vendor/golang.org/x/net/html/doctype.go b/vendor/golang.org/x/net/html/doctype.go index c484e5a94fb..bca3ae9a0c2 100644 --- a/vendor/golang.org/x/net/html/doctype.go +++ b/vendor/golang.org/x/net/html/doctype.go @@ -87,7 +87,7 @@ func parseDoctype(s string) (n *Node, quirks bool) { } } if lastAttr := n.Attr[len(n.Attr)-1]; lastAttr.Key == "system" && - strings.ToLower(lastAttr.Val) == "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd" { + strings.EqualFold(lastAttr.Val, "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd") { quirks = true } } diff --git a/vendor/golang.org/x/net/html/foreign.go b/vendor/golang.org/x/net/html/foreign.go index 9da9e9dc424..e8515d8e887 100644 --- a/vendor/golang.org/x/net/html/foreign.go +++ b/vendor/golang.org/x/net/html/foreign.go @@ -40,8 +40,7 @@ func htmlIntegrationPoint(n *Node) bool { if n.Data == "annotation-xml" { for _, a := range n.Attr { if a.Key == "encoding" { - val := strings.ToLower(a.Val) - if val == "text/html" || val == "application/xhtml+xml" { + if strings.EqualFold(a.Val, "text/html") || strings.EqualFold(a.Val, "application/xhtml+xml") { return true } } diff --git a/vendor/golang.org/x/net/html/parse.go b/vendor/golang.org/x/net/html/parse.go index 46a89eda6c1..643c674e378 100644 --- a/vendor/golang.org/x/net/html/parse.go +++ b/vendor/golang.org/x/net/html/parse.go @@ -840,6 +840,10 @@ func afterHeadIM(p *parser) bool { p.parseImpliedToken(StartTagToken, a.Body, a.Body.String()) p.framesetOK = true + if p.tok.Type == ErrorToken { + // Stop parsing. + return true + } return false } @@ -1031,7 +1035,7 @@ func inBodyIM(p *parser) bool { if p.tok.DataAtom == a.Input { for _, t := range p.tok.Attr { if t.Key == "type" { - if strings.ToLower(t.Val) == "hidden" { + if strings.EqualFold(t.Val, "hidden") { // Skip setting framesetOK = false return true } @@ -1459,7 +1463,7 @@ func inTableIM(p *parser) bool { return inHeadIM(p) case a.Input: for _, t := range p.tok.Attr { - if t.Key == "type" && strings.ToLower(t.Val) == "hidden" { + if t.Key == "type" && strings.EqualFold(t.Val, "hidden") { p.addElement() p.oe.pop() return true diff --git a/vendor/modules.txt b/vendor/modules.txt index 4fc6f0402a9..e6023d48f5c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -439,7 +439,7 @@ golang.org/x/crypto/ripemd160 # golang.org/x/crypto/x509roots/fallback v0.0.0-20240806160748-b2d3a6a4b4d3 ## explicit; go 1.20 golang.org/x/crypto/x509roots/fallback -# golang.org/x/net v0.32.0 +# golang.org/x/net v0.33.0 ## explicit; go 1.18 golang.org/x/net/context golang.org/x/net/html From ecb58ad0e41010ef72de8f2956a78577f6a6411c Mon Sep 17 00:00:00 2001 From: ankur22 Date: Thu, 19 Dec 2024 11:58:37 +0000 Subject: [PATCH 2/2] Add release note for v0.55.1 --- release notes/v0.55.1.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 release notes/v0.55.1.md diff --git a/release notes/v0.55.1.md b/release notes/v0.55.1.md new file mode 100644 index 00000000000..f659d4bdd05 --- /dev/null +++ b/release notes/v0.55.1.md @@ -0,0 +1,7 @@ +k6 `v0.55.1` is here 🎉! This release includes: + +- Dependency updates for `golang.org/x/net`. + +## Maintenance and internal improvements + +- [#4134](https://github.com/grafana/k6/pull/4134) Updates `golang.org/x/net` which contains a fix for CVE-2024-45338.