-
Notifications
You must be signed in to change notification settings - Fork 541
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade golang to 1.22.5 #8600
Upgrade golang to 1.22.5 #8600
Conversation
This addresses [CVE-2024-24791](https://nvd.nist.gov/vuln/detail/CVE-2024-24791) Signed-off-by: Dimitar Dimitrov <[email protected]>
Building new version of mimir-build-image. After image is built and pushed to Docker Hub, a new commit will automatically be added to this PR with new image version |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. we already have golang-ci at latest 1.59.1, giving a pre-approve. during build image is pushed and commit appended.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we note this in the changelog also? I see we've omitted that since Go 1.22.2.
Signed-off-by: Dimitar Dimitrov <[email protected]>
pushed now 👍 I was waiting for CI to pass before pushing the entry as to not interrupt the process. Is it safe to push a commit while the build is ongoing |
Not building new version of mimir-build-image. This PR modifies |
GitHub Actions just cancels the outdated build. |
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new branch
git switch --create backport-8600-to-release-2.13 origin/release-2.13
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x ddea70bd87fa40ad8654154280276de631fccea6
# Push it to GitHub
git push --set-upstream origin backport-8600-to-release-2.13
git switch main
# Remove the local backport branch
git branch -D backport-8600-to-release-2.13 Then, create a pull request where the |
* Upgrade golang to 1.22.5 This addresses [CVE-2024-24791](https://nvd.nist.gov/vuln/detail/CVE-2024-24791) Signed-off-by: Dimitar Dimitrov <[email protected]> * Update build image version to pr8600-8a8fd767c7 * Add CHANGELOG.md entry Signed-off-by: Dimitar Dimitrov <[email protected]> --------- Signed-off-by: Dimitar Dimitrov <[email protected]> Co-authored-by: dimitarvdimitrov <[email protected]> (cherry picked from commit ddea70b)
* Upgrade golang to 1.22.5 (#8600) * Upgrade golang to 1.22.5 This addresses [CVE-2024-24791](https://nvd.nist.gov/vuln/detail/CVE-2024-24791) Signed-off-by: Dimitar Dimitrov <[email protected]> * Update build image version to pr8600-8a8fd767c7 * Add CHANGELOG.md entry Signed-off-by: Dimitar Dimitrov <[email protected]> --------- Signed-off-by: Dimitar Dimitrov <[email protected]> Co-authored-by: dimitarvdimitrov <[email protected]> (cherry picked from commit ddea70b) * Update Makefile * Update build image version to pr8604-40bd216be4 --------- Co-authored-by: dimitarvdimitrov <[email protected]>
What this PR does
This addresses CVE-2024-24791. Golang release.
Checklist
CHANGELOG.md
updated - the order of entries should be[CHANGE]
,[FEATURE]
,[ENHANCEMENT]
,[BUGFIX]
.about-versioning.md
updated with experimental features.