From 438699fb10b59cdc596667e0feddecd7d440e08d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 23 Jan 2025 18:26:09 +0000
Subject: [PATCH 1/2] build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.32.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.32.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f8d1b28..b7de7b0 100644
--- a/go.mod
+++ b/go.mod
@@ -70,7 +70,7 @@ require (
 	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect
 	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/net v0.32.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
diff --git a/go.sum b/go.sum
index 90931ae..7a6c686 100644
--- a/go.sum
+++ b/go.sum
@@ -260,8 +260,8 @@ golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
-golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
-golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

From 6ad6b444339a1547e9f904d2186fb2da0e97e5f9 Mon Sep 17 00:00:00 2001
From: Henrik Hautakoski <henrik.hautakoski@gmail.com>
Date: Thu, 23 Jan 2025 19:32:45 +0100
Subject: [PATCH 2/2] Version 1.1.9

---
 Makefile          | 2 +-
 debian/changelog  | 6 ++++++
 docker/Dockerfile | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index b96ea39..33fd99f 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ GO=go
 GOLDFLAGS=-v -s -w -X main.VersionString=$(PROGRAM_VERSION)
 GOBUILDFLAGS+=-v -p $(shell nproc) -ldflags="$(GOLDFLAGS)"
 PROGRAM=thalos-server
-PROGRAM_VERSION ?= 1.1.8
+PROGRAM_VERSION ?= 1.1.9
 PREFIX=/usr/local
 BINDIR=$(PREFIX)/bin
 CFGDIR=$(PREFIX)/etc/thalos
diff --git a/debian/changelog b/debian/changelog
index 50b934f..ecc01aa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+thalos (1.1.9) bionic focal jammy; urgency=medium
+
+  * [Security CVE-2024-45338] Update golang.org/x/net to 0.33.0
+
+ -- Henrik Hautakoski <henrik.hautakoski@gmail.com>  Thu, 23 Jan 2025 19:30:31 +0100
+
 thalos (1.1.8) bionic focal jammy; urgency=medium
 
   * Support for wildcard contracts in Blacklist
diff --git a/docker/Dockerfile b/docker/Dockerfile
index ac810bf..b8fb57f 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:latest
 LABEL maintainer="Henrik Hautakoski <henrik.Hautakoski@gmail.com>"
-ARG VERSION=1.1.8
+ARG VERSION=1.1.9
 WORKDIR /thalos
 ADD --chmod=755 https://github.com/eosswedenorg/thalos/releases/download/v$VERSION/thalos-server-${VERSION}-linux-amd64-musl thalos-server
 ENTRYPOINT [ "./thalos-server" ]