-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[chore] follow codeql recommendation #10165
[chore] follow codeql recommendation #10165
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This breaks our compatibility promise: we are dropping support for Go 1.21.x for x less than 10. There were also recently some fixes upstream (see golang/go@27ed85d) that I think should make this message go away.
Happy to close this, however this PR does bring up a good question of whether we should support versions of go 1.21.x with known CVEs. |
We should definitely encourage using the latest version. We could add a In terms of support however, I don't think we lose much by continuing to support those versions, but we can discuss it! |
Right, I'm thinking that if we were to only support versions greater than any with known CVEs it would act as incentive to any consumers of the collector libraries to also update to newer versions. I can open a separate issue to discuss and close this PR after I do so. |
100% we should enforce latest (hopefully no CVEs) version when we build the final binary that we release as a binary, but for libraries like artifacts we cannot enforce this. |
CodeQL is currently reporting "Invalid Go toolchain version: As of Go 1.21, toolchain versions must use the 1.N.P syntax.". This PR attempts to fix this. Signed-off-by: Alex Boten <223565+codeboten@users.noreply.github.com>
253773d
to
9cf098f
Compare
@mx-psi @bogdandrutu to appease codeql and ensure we continue to support all version 1.21, i updated the version in go.mod to 1.21.0 |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #10165 +/- ##
==========================================
+ Coverage 91.90% 91.98% +0.08%
==========================================
Files 361 361
Lines 16970 16968 -2
==========================================
+ Hits 15596 15608 +12
+ Misses 1032 1020 -12
+ Partials 342 340 -2 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I'd like us to revisit 1.21
vs 1.21.0
once the patch I mentioned above in golang/go is released, but I am okay with doing this for now
Signed-off-by: Alex Boten <223565+codeboten@users.noreply.github.com>
CodeQL is currently reporting "Invalid Go toolchain version: As of Go 1.21, toolchain versions must use the 1.N.P syntax.". This PR attempts to fix this. --------- Signed-off-by: Alex Boten <223565+codeboten@users.noreply.github.com>
CodeQL is currently reporting "Invalid Go toolchain version: As of Go 1.21, toolchain versions must use the 1.N.P syntax.". This PR attempts to fix this.