-
Notifications
You must be signed in to change notification settings - Fork 85
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[dependencies] update go version to 1.22 and update vulnerable dependencies #1034
[dependencies] update go version to 1.22 and update vulnerable dependencies #1034
Conversation
e65bb70
to
886a5b4
Compare
886a5b4
to
e954ae4
Compare
This looks good to me, thanks -- @barroco could you also take a look to make sure I didn't miss anything, especially as may relate to deployment considerations?
This is worrying and invalidates running locally as a verification method. Our CI tests essentially never fail in this way, so this seems like something particular to your local environment. If your local environment is not suitable for testing, we would want to fix that in order to enable verification of changes locally. If there is some shortcoming of the project that was causing failures locally but not in the CI, we'd very much want to identify and fix that. |
I can reliably run into the problem with the Without the Should I open an issue on the monitoring repository to address the problem with the message_signing config?
|
Yes please open an issue and attach a representative report if you can't fix reliably your environment. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me as is. I think the next step will be to test it on a full scale deployment, which will be done with the next release.
Done -> interuss/monitoring#693 |
This PR updates specific dependencies that have CVE warnings, and updates the Go version from 1.17 (which is not maintained anymore) to 1.22.
Golangci-lint also needed to be updated, and the
golint
linter removed, as it has no effect anymore.Notes
I considered only bumping the vulnerable dependencies, but
go mod tidy
was failing with go 1.17. I believe the test coverage is sufficient for us to do such an update confidently.A pass of updates on the other dependencies (if any) will happen in an upcoming PR.
This PR also adds a call to
go env
in theJob Information
CI step to help troubleshoot issues with the Go toolchain version being run.Testing
I ran this with the current
master
version of the uss_qualifier using all available configurations and did not run into particular issues.(*)(*) with the exception of a WARNING related to flight planning, which is a common occurrence for me when running all the qualifier configurations locally