Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Address GO-2024-2687 #5139

Merged
merged 3 commits into from
Apr 4, 2024
Merged

Address GO-2024-2687 #5139

merged 3 commits into from
Apr 4, 2024

Conversation

MrAlias
Copy link
Contributor

@MrAlias MrAlias commented Apr 3, 2024

  • The latest releases of Go 1.22 and 1.21 contain security fix for net/http. Explicitly set the CI system to not use vulnerable versions when testing so our vulnerable checker does not fail (and we aren't vulnerable).
  • Upgrade all dependencies of golang.org/x/net to v0.23.0

The latest releases of Go 1.22 and 1.21 contain security fixes for
`net/http`. Explicitly set the CI system to not use vulnerable versions
when testing so our vulnerable checker does not fail (and we aren't
vulnerable).
@MrAlias MrAlias added the Skip Changelog PRs that do not require a CHANGELOG.md entry label Apr 3, 2024
@MrAlias MrAlias marked this pull request as ready for review April 3, 2024 23:13
Copy link

codecov bot commented Apr 3, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.9%. Comparing base (6c6e1e7) to head (1ea84b3).

Additional details and impacted files

Impacted file tree graph

@@          Coverage Diff          @@
##            main   #5139   +/-   ##
=====================================
  Coverage   83.9%   83.9%           
=====================================
  Files        248     248           
  Lines      16383   16383           
=====================================
+ Hits       13747   13749    +2     
+ Misses      2347    2345    -2     
  Partials     289     289           

see 1 file with indirect coverage changes

@MrAlias MrAlias changed the title Bump Go versions used in CI systems Address GO-2024-2687 Apr 3, 2024
@MrAlias MrAlias removed the Skip Changelog PRs that do not require a CHANGELOG.md entry label Apr 3, 2024
@MrAlias MrAlias added this to the v1.25.0 milestone Apr 3, 2024
@MrAlias MrAlias added dependencies Pull requests that update a dependency file and removed dependencies Pull requests that update a dependency file labels Apr 3, 2024
@pellared pellared merged commit afb6af0 into open-telemetry:main Apr 4, 2024
30 of 31 checks passed
@MrAlias MrAlias deleted the bump-go-ver branch April 4, 2024 13:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants