Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(deps): bump to go 1.22 for cve-2023-45288 #189

Merged
merged 1 commit into from
Apr 15, 2024
Merged

feat(deps): bump to go 1.22 for cve-2023-45288 #189

merged 1 commit into from
Apr 15, 2024

Conversation

defgenx
Copy link
Contributor

@defgenx defgenx commented Apr 9, 2024

Description

  • Bump to go 1.22 to fix the CVE vulnerability.
  • Bump dependencies at the same time.

Fixes #188.

@defgenx defgenx mentioned this pull request Apr 9, 2024
@ahmetb
Copy link
Collaborator

ahmetb commented Apr 9, 2024

Can you also update .github/workflows files please?

@defgenx
Copy link
Contributor Author

defgenx commented Apr 9, 2024

Can you also update .github/workflows files please?

Looks like github workflows are already in go 1.22. Maybe I don't understand what you're asking me to do :').

@defgenx
Copy link
Contributor Author

defgenx commented Apr 9, 2024

I just modified how I applied the deps update to stick with how it was done until now.

I think bumping the go version is useless (it can be a problem for people using it with old go versions). We just need to merge a PR from dependabot (or any other one reviewed and ready to be merged) and tag it to use the last go version released.

If you do that I can quickly test the new release you'll publish and then close this PR and the linked issue if it works.

@defgenx
Copy link
Contributor Author

defgenx commented Apr 15, 2024

Is it possible for a maintainer to read my last comment ? 🙇

@ahmetb ahmetb merged commit cc08926 into grpc-ecosystem:master Apr 15, 2024
1 check passed
@defgenx defgenx deleted the feat/upgrade-go-cve-2023-45288 branch April 16, 2024 07:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Fix CVE-2023-45288
2 participants