Skip to content

Bump go-version to 1.22.2 for release-3.6 due to CVE-2023-45288 #17707

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 4, 2024
Merged

Bump go-version to 1.22.2 for release-3.6 due to CVE-2023-45288 #17707

merged 1 commit into from
Apr 4, 2024

Conversation

henrybear327
Copy link
Contributor

Changes:

  • Bump toolchain version to 1.22.2 due to CVE-2023-45288
  • Update CHANGELOG-3.6
  • Bump go version in rw-heatmaps (which was still at 1.21 where everything else is at 1.22)

Reference:

Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.

@k8s-ci-robot
Copy link

Hi @henrybear327. Thanks for your PR.

I'm waiting for a etcd-io member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@henrybear327 henrybear327 marked this pull request as draft April 4, 2024 08:04
@henrybear327 henrybear327 force-pushed the cve/3.6-bump-go-1.22.2 branch from ca6e265 to aaff4d1 Compare April 4, 2024 08:15
@henrybear327 henrybear327 marked this pull request as ready for review April 4, 2024 08:15
@henrybear327 henrybear327 force-pushed the cve/3.6-bump-go-1.22.2 branch 4 times, most recently from f86dd78 to d89a106 Compare April 4, 2024 08:55
@henrybear327
Bump go toolchain version to address CVE-2023-45288
034574f 
Changes:
- Bump release-3.6 toolchain version to 1.22.2 due to CVE-2023-45288
- Bump golang.org/x/net to v0.23.0
- Update CHANGELOG-3.4, CHANGELOG-3.5, and CHANGELOG-3.6
- Bump go version in rw-heatmaps (which was still at 1.21 where
everything else is at 1.22)

Reference:
- PR etcd-io#17703

Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
@henrybear327 henrybear327 force-pushed the cve/3.6-bump-go-1.22.2 branch from d89a106 to 034574f Compare April 4, 2024 09:06
@henrybear327 henrybear327 changed the title Bump go toolchain version to 1.22.2 Bump go toolchain version to 1.22.2 for release-3.6 Apr 4, 2024
@henrybear327 henrybear327 changed the title Bump go toolchain version to 1.22.2 for release-3.6 Bump go-version to 1.22.2 for release-3.6 due to CVE-2023-45288 Apr 4, 2024
@henrybear327
Copy link
Contributor Author

Blocking #17560

ahrtr
ahrtr approved these changes Apr 4, 2024
View reviewed changes
Copy link
Member

@ahrtr ahrtr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Thanks

@ahrtr ahrtr merged commit bdbf8a2 into etcd-io:main Apr 4, 2024
@ivanvc ivanvc mentioned this pull request Apr 4, 2024
Closed
10 tasks
@ivanvc
Copy link
Member

ivanvc commented Apr 4, 2024

@henrybear327, thanks for addressing tools/rw-heatmaps 🙇 I noticed after we merged the PR, but didn't have time to get back to it.

@henrybear327
Copy link
Contributor Author

@henrybear327, thanks for addressing tools/rw-heatmaps 🙇 I noticed after we merged the PR, but didn't have time to get back to it.

@ivanvc, no worries :) and thank you for reviewing!

@henrybear327 henrybear327 deleted the cve/3.6-bump-go-1.22.2 branch April 4, 2024 18:30
@ivanvc ivanvc mentioned this pull request Apr 5, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@serathius serathius serathius approved these changes

@ahrtr ahrtr ahrtr approved these changes

Assignees
No one assigned
Labels
ok-to-test
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@henrybear327 @k8s-ci-robot @ivanvc @serathius @ahrtr @jmhbnz