Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bump Go to v1.22.2, update deps and prepare for v0.1.11 release #198

Merged
merged 3 commits into from
Apr 9, 2024
Merged

bump Go to v1.22.2, update deps and prepare for v0.1.11 release #198

merged 3 commits into from
Apr 9, 2024

Conversation

rolinh
Copy link
Member

@rolinh rolinh commented Apr 9, 2024

go1.22.2 (released 2024-04-03) includes a security fix to the net/http
package, as well as bug fixes to the compiler, the go command, the
linker, and the encoding/gob, go/types, net/http, and runtime/trace
packages.

@rolinh rolinh added enhancement New feature or request go Pull requests that update Go code security labels Apr 9, 2024
@rolinh rolinh requested review from a team as code owners April 9, 2024 09:48
@rolinh rolinh requested review from sayboras and chancez and removed request for a team April 9, 2024 09:48
@rolinh
Copy link
Member Author

rolinh commented Apr 9, 2024

All right, there's also a vuln ingolang.org/x/net:

 Vulnerability #1: GO-2024-2687
    HTTP/2 CONTINUATION flood in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2687
  Module: golang.org/x/net
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]

I'll push another commit to bump the dep.

@rolinh
Copy link
Member Author

rolinh commented Apr 9, 2024

@sayboras @kaworu I push a third commit to bump the version and tag a release.

@rolinh rolinh requested review from sayboras and kaworu April 9, 2024 10:00
sayboras
sayboras approved these changes Apr 9, 2024
View reviewed changes
Copy link
Member

@sayboras sayboras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still looks good ✔️

@rolinh rolinh changed the title bump Go to v1.22.2 bump Go to v1.22.2, update deps and prepare for v0.1.11 release Apr 9, 2024
@rolinh rolinh mentioned this pull request Apr 9, 2024
Merged
rolinh added 3 commits April 9, 2024 12:02
@rolinh
bump Go to v1.22.2
81b3f00 
> go1.22.2 (released 2024-04-03) includes a security fix to the net/http
> package, as well as bug fixes to the compiler, the go command, the
> linker, and the encoding/gob, go/types, net/http, and runtime/trace
> packages.

Signed-off-by: Robin Hahling <[email protected]>
@rolinh
vendor: bump golang.org/x/net to v0.24.0
c32d932 
This update addresses a vulnerability:
https://pkg.go.dev/vuln/GO-2024-2687

While here, also bump dependencies to their latest patch revision.

Signed-off-by: Robin Hahling <[email protected]>
@rolinh
version: prepare for v0.1.11 release
c1ef3e2 
Signed-off-by: Robin Hahling <[email protected]>
@rolinh rolinh force-pushed the pr/rolinh/go-v1.22.2 branch from 0e0a96c to c1ef3e2 Compare April 9, 2024 10:02
@rolinh rolinh merged commit 6c09bc4 into master Apr 9, 2024
1 check passed
@rolinh rolinh deleted the pr/rolinh/go-v1.22.2 branch April 9, 2024 10:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sayboras sayboras sayboras approved these changes

@chancez chancez Awaiting requested review from chancez chancez was automatically assigned from cilium/sig-hubble

@kaworu kaworu Awaiting requested review from kaworu

Assignees
No one assigned
Labels
enhancement New feature or request go Pull requests that update Go code security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rolinh @kaworu @sayboras