Skip to content

Bump golang.org/x/oauth2 from v0.23.0 to v0.27.0#36584

Merged
SarahFrench merged 3 commits intomainfrom
sarah/bump-oauth2
Feb 28, 2025
Merged

Bump golang.org/x/oauth2 from v0.23.0 to v0.27.0#36584
SarahFrench merged 3 commits intomainfrom
sarah/bump-oauth2

Conversation

@SarahFrench
Copy link
Copy Markdown
Member

@SarahFrench SarahFrench commented Feb 26, 2025
edited
Loading

Pulls in the CVE fix introduced in v0.27.0: https://github.com/golang/oauth2/releases/tag/v0.27.0

When comparing v0.23.0 to v0.27.0 the only functional change is this CVE fix; all other changes are to docs or code comments.

Target Release

1.11.1

CHANGELOG entry

  • This change is user-facing and I added a changelog entry.
  • This change is not user-facing.

@SarahFrench SarahFrench added the no-changelog-needed Add this to your PR if the change does not require a changelog entry label Feb 26, 2025
@SarahFrench SarahFrench added 1.11-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged and removed no-changelog-needed Add this to your PR if the change does not require a changelog entry labels Feb 26, 2025
@SarahFrench
Copy link
Copy Markdown
Member Author

SarahFrench commented Feb 26, 2025

This PR shouldn't be merged until the v1.11 GA release, and then it can be included in the v1.11.1 patch release next week

@SarahFrench SarahFrench marked this pull request as ready for review February 26, 2025 18:17
@SarahFrench SarahFrench requested review from a team as code owners February 26, 2025 18:17
@SarahFrench SarahFrench merged commit b0dbd66 into main Feb 28, 2025
14 checks passed
@SarahFrench SarahFrench deleted the sarah/bump-oauth2 branch February 28, 2025 10:05
@github-actions github-actions bot mentioned this pull request Feb 28, 2025
Merged
2 tasks
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 31, 2025

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 31, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@radeksimko radeksimko radeksimko approved these changes

Assignees

No one assigned

Labels

1.11-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SarahFrench @radeksimko