Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade to golang 1.18 and fix ad-hoc security vulnerabilities #93

Merged
merged 5 commits into from
Feb 8, 2023
Merged

Upgrade to golang 1.18 and fix ad-hoc security vulnerabilities #93

merged 5 commits into from
Feb 8, 2023

Conversation

ZaradarBH
Copy link
Contributor

@ZaradarBH ZaradarBH commented Feb 6, 2023
edited
Loading

Summary of changes

Report of required housekeeping

  • Github issue OR spec proposal link

(FOR ADMIN) Before merging

  • Added appropriate labels to PR
  • Squashed all commits, uses message "Merge pull request #XYZ: [title]" (coding standards)
  • Ensure all tests pass

ZaradarTR added 2 commits February 6, 2023 15:44
- Target golang 1.18 in docker assets & go.mod
b5d68a4 
- Add apk update command to final image in multi-stage build chain
- Patch "Denial of Service" vulnerability in prometheus/client_golang
- Patch golang.org/x/* deps to fix vulnerabilities
355e133
@ZaradarBH ZaradarBH self-assigned this Feb 6, 2023
@ZaradarBH ZaradarBH added enhancement New feature or request out of scope work that is unapproved by the community, but still essential for the L1 team labels Feb 6, 2023
@ZaradarBH ZaradarBH added this to the v1.0.6 milestone Feb 6, 2023
@ZaradarBH ZaradarBH linked an issue Feb 6, 2023 that may be closed by this pull request
Align golang version in docker assets #92
Closed
@ZaradarBH ZaradarBH changed the title Docker downgrade go dependencies to 1 18 Upgrade to golang 1.18 and fix ad-hoc security vulnerabilities Feb 6, 2023
@ZaradarBH ZaradarBH added the security Security concerns label Feb 6, 2023
- Bump ibc-go to v1.3.1
f65f614 
- Bump Cosmos-SDK to v0.44.8
- Bump cobra to v1.4.0
- Bump tendermint to v0.34.19
- Bump grcp to v1.45.0
- Bump ics23/go to v0.7.0
@ZaradarBH ZaradarBH requested a review from inon-man February 7, 2023 20:06
@ZaradarBH ZaradarBH mentioned this pull request Feb 7, 2023
Closed
4 tasks
@ZaradarBH ZaradarBH linked an issue Feb 7, 2023 that may be closed by this pull request
Update IBC Go #86
Closed
4 tasks
@inon-man inon-man changed the base branch from v1.0.5-archive to release/v1.x February 7, 2023 21:19
@ZaradarBH ZaradarBH merged commit 0eced5e into release/v1.x Feb 8, 2023
@inon-man inon-man deleted the docker-downgrade-go-dependencies-to-1-18 branch February 13, 2023 15:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edk208 edk208 Awaiting requested review from edk208

@fragwuerdig fragwuerdig Awaiting requested review from fragwuerdig

@nghuyenthevinh2000 nghuyenthevinh2000 Awaiting requested review from nghuyenthevinh2000

@inon-man inon-man Awaiting requested review from inon-man

Assignees

@ZaradarBH ZaradarBH

Labels
enhancement New feature or request out of scope work that is unapproved by the community, but still essential for the L1 team security Security concerns
Projects
No open projects
L1 Sprint #3 Feb 6th - Feb 17th
Status: Done
Milestone
Core - v1.1.0
Development

Successfully merging this pull request may close these issues.

Align golang version in docker assets Update IBC Go
2 participants
@ZaradarBH @inon-man