From 7943e68bc857a189c758245d43c12d4e8c9d77f8 Mon Sep 17 00:00:00 2001
From: Adrian Moisey <adrian@changeover.za.net>
Date: Thu, 19 Dec 2024 17:50:26 +0200
Subject: [PATCH] Bump golang.org/x/net to v0.33.0

For this CVE: https://pkg.go.dev/vuln/GO-2024-3333

Whil it isn't used in the VPA, it's great to keep CVEs shipped with the
VPA down
---
 vertical-pod-autoscaler/go.mod | 2 +-
 vertical-pod-autoscaler/go.sum | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/vertical-pod-autoscaler/go.mod b/vertical-pod-autoscaler/go.mod
index 362e7656e4ae..5cea2634fcda 100644
--- a/vertical-pod-autoscaler/go.mod
+++ b/vertical-pod-autoscaler/go.mod
@@ -57,7 +57,7 @@ require (
 	go.opentelemetry.io/otel v1.28.0 // indirect
 	go.opentelemetry.io/otel/trace v1.28.0 // indirect
 	golang.org/x/mod v0.21.0 // indirect
-	golang.org/x/net v0.32.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/oauth2 v0.24.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect
diff --git a/vertical-pod-autoscaler/go.sum b/vertical-pod-autoscaler/go.sum
index 6149c7a70f20..2bbec89dd7a2 100644
--- a/vertical-pod-autoscaler/go.sum
+++ b/vertical-pod-autoscaler/go.sum
@@ -139,6 +139,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
 golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
 golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=