go.mod: bump golang.org/x/net to v0.33.0

The version of golang.org/x/net that we're using (v0.25.0) is vulnerable to GO-2024-3333, a DoS vulnerability. Packer is not particularly vulnerable to this, as we are not a hosted service, but since security scanners report this, and the fix is rather simple, we address it today.
hashicorp · Dec 20, 2024 · 77bf028 · 77bf028
1 parent 38f081c
commit 77bf028
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/go.mod b/go.mod
@@ -45,7 +45,7 @@ require (
 	github.com/zclconf/go-cty-yaml v1.0.1
 	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/mod v0.17.0
-	golang.org/x/net v0.25.0
+	golang.org/x/net v0.33.0
 	golang.org/x/oauth2 v0.15.0
 	golang.org/x/sync v0.10.0
 	golang.org/x/sys v0.28.0 // indirect

diff --git a/go.sum b/go.sum
@@ -603,6 +603,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
 golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=