luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

security: update go version to 1.20.4 (#17240) 

* update go version to 1.20.3

* add changelog

* rename changelog file to remove underscore

* update to use 1.20.4

* update change log entry to reflect 1.20.4
This commit is contained in:
John Murret 2023-05-08 11:57:11 -06:00 committed by GitHub
parent 1922417443
commit 7c101c27c3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.changelog/17240.txt Normal file
View File

@ -0,0 +1,12 @@
```release-note:security
Upgrade to use Go 1.20.4.
This resolves vulnerabilities [CVE-2023-24537](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`go/scanner`),
[CVE-2023-24538](https://github.com/advisories/GHSA-v4m2-x4rp-hv22)(`html/template`),
[CVE-2023-24534](https://github.com/advisories/GHSA-8v5j-pwr7-w5f8)(`net/textproto`) and
[CVE-2023-24536](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`mime/multipart`).
Also, `golang.org/x/net` has been updated to v0.7.0 to resolve CVEs [CVE-2022-41721
](https://github.com/advisories/GHSA-fxg5-wq6x-vr4w
), [CVE-2022-27664](https://github.com/advisories/GHSA-69cg-p879-7622) and [CVE-2022-41723
](https://github.com/advisories/GHSA-vvpx-j8f3-3w6h
.)
```

20
.github/workflows/build.yml vendored
View File

@ -82,15 +82,15 @@ jobs:
strategy: strategy:
matrix: matrix:
include: include:
- {go: "1.20.1", goos: "linux", goarch: "386"} - {go: "1.20.4", goos: "linux", goarch: "386"}
- {go: "1.20.1", goos: "linux", goarch: "amd64"} - {go: "1.20.4", goos: "linux", goarch: "amd64"}
- {go: "1.20.1", goos: "linux", goarch: "arm"} - {go: "1.20.4", goos: "linux", goarch: "arm"}
- {go: "1.20.1", goos: "linux", goarch: "arm64"} - {go: "1.20.4", goos: "linux", goarch: "arm64"}
- {go: "1.20.1", goos: "freebsd", goarch: "386"} - {go: "1.20.4", goos: "freebsd", goarch: "386"}
- {go: "1.20.1", goos: "freebsd", goarch: "amd64"} - {go: "1.20.4", goos: "freebsd", goarch: "amd64"}
- {go: "1.20.1", goos: "windows", goarch: "386"} - {go: "1.20.4", goos: "windows", goarch: "386"}
- {go: "1.20.1", goos: "windows", goarch: "amd64"} - {go: "1.20.4", goos: "windows", goarch: "amd64"}
- {go: "1.20.1", goos: "solaris", goarch: "amd64"} - {go: "1.20.4", goos: "solaris", goarch: "amd64"}
fail-fast: true fail-fast: true
name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
@ -179,7 +179,7 @@ jobs:
matrix: matrix:
goos: [ darwin ] goos: [ darwin ]
goarch: [ "amd64", "arm64" ] goarch: [ "amd64", "arm64" ]
go: [ "1.20.1" ] go: [ "1.20.4" ]
fail-fast: true fail-fast: true
name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build

2
build-support/docker/Build-Go.dockerfile
View File

@ -1,7 +1,7 @@
# Copyright (c) HashiCorp, Inc. # Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0 # SPDX-License-Identifier: MPL-2.0
ARG GOLANG_VERSION=1.20.1 ARG GOLANG_VERSION=1.20.4
FROM golang:${GOLANG_VERSION} FROM golang:${GOLANG_VERSION}
WORKDIR /consul WORKDIR /consul