go 1.15.1

[chenrui333]

Created with brew bump-formula-pr.

[mojotx]

Out of curiosity, is there anything blocking this PR? Go 1.15.1 is a security fix for golang/go#40928.

For more information: https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may-lead-to-cross-site-scripting

Whoops, that was the wrong button

[SMillerDev]

Out of curiosity, is there anything blocking this PR?

The failing formula are, they need to be checked and fixed.

[mojotx]

Out of curiosity, is there anything blocking this PR?

The failing formula are, they need to be checked and fixed.

Okay, it looks like a dependency issue with the charm recipe. If nobody beats me to it, I will dig into it later.

==> go build github.com/juju/charmstore-client/cmd/charm
Last 150 lines from /Users/brew/actions-runner/_work/homebrew-core/homebrew-core/bottles/logs/charm/03.go:
2020-09-01 22:18:48 +0100

go
build
github.com/juju/charmstore-client/cmd/charm

go: gopkg.in/juju/charmstore.v5@v5.6.4 requires
	github.com/CanonicalLtd/omniutils@v0.0.0-20180607151646-ed3ed7dca482: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /private/tmp/charm-20200901-29376-1iaj8qk/charmstore-client-2.4.0/pkg/mod/cache/vcs/05d357a6fb7db8f493808e9721a54716ec1be125069f304bb38b18b745c601ec: exit status 128:
	fatal: could not read Username for 'https://github.com': terminal prompts disabled

READ THIS: https://docs.brew.sh/Troubleshooting

[ydnar]

Every Go update breaks some upstream formula.

Perhaps we shouldn’t block security updates on broken or abandoned dependent formula?

[chenrui333]

previous failure list with go1.15

Final failures:

• brew install --build-from-source charm -- known issue Build failure on macOS juju/charmstore-client#209
• brew install --build-from-source grv (on Mojave only) -- known issue can not build grv on Mojave rgburke/grv#107
• brew install --build-from-source mmctl -- already fixed by mmctl: release retag #59561
• brew install --build-from-source wellington -- known issue Create a new release wellington/wellington#218

[chenrui333]

@ydnar that is true, but let's minimize the impact and the disruption. (I am going to see what I can do really quick)

[ydnar]

@chenrui333 anyway to record which failures aren’t regressions?

Maybe mark which tests are known failures, so they can be ignored if they fail in subsequent builds (or re-fail if they pass)?

[chenrui333]

yeah, the merge decision is usually ad-hoc as well, so knowing the previous failures is actually pretty trivial.

[ydnar]

Aye. It's more the time. The smoke tests take long enough, and then there's the inevitable back and forth discussion while Go dev moves forward. 1.15.2 is almost ready.

My opinion: Ad-hoc process shouldn't block security updates. For major/minor updates, sure.

[chenrui333]

Aye. It's more the time. The smoke tests take long enough, and then there's the inevitable back and forth discussion while Go dev moves forward. 1.15.2 is almost ready.

My opinion: Ad-hoc process shouldn't block security updates. For major/minor updates, sure.

Alright, let's merge this security fix, I will follow up with the regression testing failures. Appreciate your idea in here.

[BrewTestBot]

@chenrui333 has triggered a merge.

[chenrui333]

record the upgrade failure in here