Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(deps): bump to go 1.22 for cve-2023-45288 #189

Merged
merged 1 commit into from
Apr 15, 2024
Merged

feat(deps): bump to go 1.22 for cve-2023-45288 #189

merged 1 commit into from
Apr 15, 2024

Conversation

defgenx
Copy link
Contributor

@defgenx defgenx commented Apr 9, 2024
edited by ahmetb

Description

  • Bump to go 1.22 to fix the CVE vulnerability.
  • Bump dependencies at the same time.

Fixes #188.

@defgenx defgenx mentioned this pull request Apr 9, 2024
Closed
@ahmetb
Copy link
Collaborator

ahmetb commented Apr 9, 2024

Can you also update .github/workflows files please?

@defgenx
Copy link
Contributor Author

defgenx commented Apr 9, 2024

Can you also update .github/workflows files please?

Looks like github workflows are already in go 1.22. Maybe I don't understand what you're asking me to do :').

@defgenx defgenx force-pushed the feat/upgrade-go-cve-2023-45288 branch from 6516f7f to caa6da3 Compare April 9, 2024 15:26
@defgenx
Copy link
Contributor Author

defgenx commented Apr 9, 2024
edited

I just modified how I applied the deps update to stick with how it was done until now.

I think bumping the go version is useless (it can be a problem for people using it with old go versions). We just need to merge a PR from dependabot (or any other one reviewed and ready to be merged) and tag it to use the last go version released.

If you do that I can quickly test the new release you'll publish and then close this PR and the linked issue if it works.

@defgenx
Copy link
Contributor Author

defgenx commented Apr 15, 2024

Is it possible for a maintainer to read my last comment ? 🙇

@ahmetb ahmetb merged commit cc08926 into grpc-ecosystem:master Apr 15, 2024
1 check passed
@defgenx defgenx deleted the feat/upgrade-go-cve-2023-45288 branch April 16, 2024 07:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix CVE-2023-45288
2 participants
@defgenx @ahmetb