From f829c514ff8b40003a11f61fa2a9d95c942ba8f5 Mon Sep 17 00:00:00 2001
From: Friedrich Gonzalez <friedrichg@gmail.com>
Date: Sat, 12 Oct 2024 18:17:51 +0200
Subject: [PATCH 1/2] Backport go upgrade to patch CVEs

Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com>
---
 .github/workflows/test-build-deploy.yml | 12 ++++++------
 CHANGELOG.md                            |  3 +++
 Makefile                                |  2 +-
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/test-build-deploy.yml b/.github/workflows/test-build-deploy.yml
index 1820dca0874..ad25c07f293 100644
--- a/.github/workflows/test-build-deploy.yml
+++ b/.github/workflows/test-build-deploy.yml
@@ -17,7 +17,7 @@ jobs:
   lint:
     runs-on: ubuntu-20.04
     container:
-      image: quay.io/cortexproject/build-image:master-779dcf4ba
+      image: quay.io/cortexproject/build-image:master-582c03a76
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v2
@@ -46,7 +46,7 @@ jobs:
   test:
     runs-on: ubuntu-20.04
     container:
-      image: quay.io/cortexproject/build-image:master-779dcf4ba
+      image: quay.io/cortexproject/build-image:master-582c03a76
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v2
@@ -89,7 +89,7 @@ jobs:
   build:
     runs-on: ubuntu-20.04
     container:
-      image: quay.io/cortexproject/build-image:master-779dcf4ba
+      image: quay.io/cortexproject/build-image:master-582c03a76
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v2
@@ -223,14 +223,14 @@ jobs:
         run: |
           touch build-image/.uptodate
           MIGRATIONS_DIR=$(pwd)/cmd/cortex/migrations
-          make BUILD_IMAGE=quay.io/cortexproject/build-image:master-779dcf4ba TTY='' configs-integration-test
+          make BUILD_IMAGE=quay.io/cortexproject/build-image:master-582c03a76 TTY='' configs-integration-test
 
   deploy_website:
     needs: [build, test]
     if: (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) && github.repository == 'cortexproject/cortex'
     runs-on: ubuntu-20.04
     container:
-      image: quay.io/cortexproject/build-image:master-779dcf4ba
+      image: quay.io/cortexproject/build-image:master-582c03a76
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v2
@@ -272,7 +272,7 @@ jobs:
     if: (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) && github.repository == 'cortexproject/cortex'
     runs-on: ubuntu-20.04
     container:
-      image: quay.io/cortexproject/build-image:master-779dcf4ba
+      image: quay.io/cortexproject/build-image:master-582c03a76
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v2
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d967195ad60..dc65d9d263f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,9 @@
 
 ## master / unreleased
 
+## 1.18.1 2024-10-12
+
+* [BUGFIX] Backporting upgrade to go 1.22.7 to patch CVE-2024-34155, CVE-2024-34156, CVE-2024-34158 #6217 #6264
 
 ## 1.18.0 2024-09-03
 
diff --git a/Makefile b/Makefile
index 80d5396b489..c3666f7af31 100644
--- a/Makefile
+++ b/Makefile
@@ -115,7 +115,7 @@ build-image/$(UPTODATE): build-image/*
 SUDO := $(shell docker info >/dev/null 2>&1 || echo "sudo -E")
 BUILD_IN_CONTAINER := true
 BUILD_IMAGE ?= $(IMAGE_PREFIX)build-image
-LATEST_BUILD_IMAGE_TAG ?= master-779dcf4ba
+LATEST_BUILD_IMAGE_TAG ?= master-582c03a76
 
 # TTY is parameterized to allow Google Cloud Builder to run builds,
 # as it currently disallows TTY devices. This value needs to be overridden

From 364d57bd7801c92fb1e5403cb916444e6fe1fb63 Mon Sep 17 00:00:00 2001
From: Friedrich Gonzalez <friedrichg@gmail.com>
Date: Mon, 14 Oct 2024 08:58:58 +0200
Subject: [PATCH 2/2] Update VERSION file

Signed-off-by: Friedrich Gonzalez <friedrichg@gmail.com>
---
 CHANGELOG.md | 2 +-
 VERSION      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index dc65d9d263f..6b53f6de9a9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@
 
 ## master / unreleased
 
-## 1.18.1 2024-10-12
+## 1.18.1 2024-10-14
 
 * [BUGFIX] Backporting upgrade to go 1.22.7 to patch CVE-2024-34155, CVE-2024-34156, CVE-2024-34158 #6217 #6264
 
diff --git a/VERSION b/VERSION
index 84cc529467b..ec6d649be65 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.18.0
+1.18.1