Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade go version to 1.19.7 to fix CVE-2022-41723 #3978

Merged
merged 3 commits into from
Mar 23, 2023
Merged

upgrade go version to 1.19.7 to fix CVE-2022-41723 #3978

merged 3 commits into from
Mar 23, 2023

Conversation

cwen0
Copy link
Member

@cwen0 cwen0 commented Mar 23, 2023
edited
Loading

What problem does this PR solve?

Upgrade go version to v1.19.7 to fix CVE-2022-41723, refer to: golang/go#58355 golang/go@5c3e11b

What's changed and how it works?

Related changes

  • This change also requires further updates to the website (e.g. docs)
  • This change also requires further updates to the UI interface
  • Need to cheery-pick to release branches
    • release-2.5
    • release-2.4

Checklist

CHANGELOG

  • I have updated the CHANGELOG.md
  • I have labeled this PR with "no-need-update-changelog"

Tests

  • Unit test
  • E2E test
  • No code
  • Manual test (add steps below)

Side effects

  • Breaking backward compatibility

DCO

If you find the DCO check fails, please run commands like below (Depends on the actual situations. For example, if the failed commit isn't the most recent) to fix it:

git commit --amend --signoff
git push --force

@cwen0
build-env: upgrade go version to 1.19.7
d6daee9 
Signed-off-by: Cwen Yin <cwenyin0@gmail.com>
@ti-chi-bot
Copy link
Member

ti-chi-bot commented Mar 23, 2023
edited
Loading

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • g1eny0ung

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@cwen0
update changelog
46ecc9b 
Signed-off-by: Cwen Yin <cwenyin0@gmail.com>
@cwen0 cwen0 changed the title build-env: upgrade go version to 1.19.7 build-env: upgrade go version to 1.19.7 to fix CVE-2022-41723, Mar 23, 2023
@cwen0 cwen0 changed the title build-env: upgrade go version to 1.19.7 to fix CVE-2022-41723, build-env: upgrade go version to 1.19.7 to fix CVE-2022-41723 Mar 23, 2023
@cwen0 cwen0 changed the title build-env: upgrade go version to 1.19.7 to fix CVE-2022-41723 upgrade go version to 1.19.7 to fix CVE-2022-41723 Mar 23, 2023
@g1eny0ung g1eny0ung added the rebuild-build-env-image rebuild build-env image in this PR label Mar 23, 2023
g1eny0ung
g1eny0ung requested changes Mar 23, 2023
View reviewed changes
CHANGELOG.md Outdated Show resolved Hide resolved
@cwen0
address comment
b7cea03 
Signed-off-by: Cwen Yin <cwenyin0@gmail.com>
@cwen0 cwen0 requested a review from g1eny0ung March 23, 2023 14:34
@g1eny0ung g1eny0ung removed the request for review from AsterNighT March 23, 2023 14:46
@g1eny0ung
Copy link
Member

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: b7cea03

@g1eny0ung g1eny0ung merged commit e095ade into chaos-mesh:master Mar 23, 2023
@ti-chi-bot ti-chi-bot mentioned this pull request Mar 23, 2023
Merged
11 tasks
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created to branch release-2.5: #3979.

@cwen0 cwen0 deleted the upgrade-go-version branch March 24, 2023 01:35
@cwen0 cwen0 mentioned this pull request Mar 24, 2023
Merged
11 tasks
@ti-chi-bot ti-chi-bot mentioned this pull request Mar 26, 2023
Merged
11 tasks
g1eny0ung added a commit that referenced this pull request Mar 26, 2023
@ti-chi-bot @cwen0 @g1eny0ung
upgrade go version to 1.19.7 to fix CVE-2022-41723 (#3978) (#3979)
4e43029 
* This is an automated cherry-pick of #3978

Signed-off-by: ti-chi-bot <ti-community-prow-bot@tidb.io>

* Update Dockerfile

---------

Signed-off-by: ti-chi-bot <ti-community-prow-bot@tidb.io>
Co-authored-by: Cwen Yin <cwenyin0@gmail.com>
Co-authored-by: Yue Yang <g1enyy0ung@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@g1eny0ung g1eny0ung g1eny0ung approved these changes

Assignees
No one assigned
Labels
needs-cherry-pick-release-2.5 rebuild-build-env-image rebuild build-env image in this PR require-LGT1 size/XS status/can-merge status/LGT1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cwen0 @ti-chi-bot @g1eny0ung