Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address GO-2024-2687 #5139

Merged
merged 3 commits into from Apr 4, 2024
Merged

Address GO-2024-2687 #5139

merged 3 commits into from Apr 4, 2024

Conversation

MrAlias
Copy link
Contributor

@MrAlias MrAlias commented Apr 3, 2024
edited

  • The latest releases of Go 1.22 and 1.21 contain security fix for net/http. Explicitly set the CI system to not use vulnerable versions when testing so our vulnerable checker does not fail (and we aren't vulnerable).
  • Upgrade all dependencies of golang.org/x/net to v0.23.0

@MrAlias
Bump Go versions used in CI systems
163657e 
The latest releases of Go 1.22 and 1.21 contain security fixes for
`net/http`. Explicitly set the CI system to not use vulnerable versions
when testing so our vulnerable checker does not fail (and we aren't
vulnerable).
@MrAlias MrAlias added the Skip Changelog PRs that do not require a CHANGELOG.md entry label Apr 3, 2024
@MrAlias MrAlias marked this pull request as ready for review April 3, 2024 23:13
@MrAlias MrAlias mentioned this pull request Apr 3, 2024
Merged
@codecov Codecov
Copy link

codecov bot commented Apr 3, 2024
edited

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.9%. Comparing base (6c6e1e7) to head (1ea84b3).

Additional details and impacted files

Impacted file tree graph

@@          Coverage Diff          @@
##            main   #5139   +/-   ##
=====================================
  Coverage   83.9%   83.9%           
=====================================
  Files        248     248           
  Lines      16383   16383           
=====================================
+ Hits       13747   13749    +2     
+ Misses      2347    2345    -2     
  Partials     289     289

see 1 file with indirect coverage changes

@MrAlias MrAlias changed the title Bump Go versions used in CI systems Address GO-2024-2687 Apr 3, 2024
@MrAlias MrAlias removed the Skip Changelog PRs that do not require a CHANGELOG.md entry label Apr 3, 2024
@MrAlias MrAlias added this to the v1.25.0 milestone Apr 3, 2024
@MrAlias MrAlias added dependencies Pull requests that update a dependency file and removed dependencies Pull requests that update a dependency file labels Apr 3, 2024
@pellared pellared merged commit afb6af0 into open-telemetry:main Apr 4, 2024
30 of 31 checks passed
@MrAlias MrAlias deleted the bump-go-ver branch April 4, 2024 13:47
This was referenced Apr 4, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dashpole dashpole dashpole approved these changes

@MadVikingGod MadVikingGod MadVikingGod approved these changes

@pellared pellared pellared approved these changes

@XSAM XSAM XSAM approved these changes

@hanyuancheung hanyuancheung hanyuancheung approved these changes

@weslenteche weslenteche weslenteche approved these changes

@Aneurysm9 Aneurysm9 Awaiting requested review from Aneurysm9

@evantorrie evantorrie Awaiting requested review from evantorrie evantorrie is a code owner

@dmathieu dmathieu Awaiting requested review from dmathieu dmathieu is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.25.0
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@MrAlias @dashpole @MadVikingGod @pellared @XSAM @hanyuancheung @weslenteche