From 7ff18d219ffdd866b766f90b4d7dd0e037b406b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Tue, 5 Mar 2024 22:04:00 +0100 Subject: [PATCH] update to go1.21.8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit go1.21.8 (released 2024-03-05) includes 5 security fixes: - crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783, https://go.dev/issue/65390) - net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290, https://go.dev/issue/65383) - net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289, https://go.dev/issue/65065) - html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785, https://go.dev/issue/65697) - net/mail: comments in display names are incorrectly handled (CVE-2024-24784, https://go.dev/issue/65083) View the release notes for more information: https://go.dev/doc/devel/release#go1.21.8 - https://github.com/golang/go/issues?q=milestone%3AGo1.21.8+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.21.6...go1.21.8 Signed-off-by: Paweł Gronowski (cherry picked from commit 3b7747794392e448a9b5ea9cef85972258e0aa2b) Signed-off-by: Austin Vazquez --- .github/workflows/test.yml | 2 +- Dockerfile | 2 +- docker-bake.hcl | 2 +- dockerfiles/Dockerfile.dev | 2 +- dockerfiles/Dockerfile.lint | 2 +- dockerfiles/Dockerfile.vendor | 2 +- e2e/testdata/Dockerfile.gencerts | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2def3d7353..6e5f550c8c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -63,7 +63,7 @@ jobs: name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.21.7 + go-version: 1.21.8 - name: Test run: | diff --git a/Dockerfile b/Dockerfile index 78fed8bd83..f7adec96af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG BASE_VARIANT=alpine -ARG GO_VERSION=1.21.7 +ARG GO_VERSION=1.21.8 ARG ALPINE_VERSION=3.18 ARG XX_VERSION=1.1.1 ARG GOVERSIONINFO_VERSION=v1.3.0 diff --git a/docker-bake.hcl b/docker-bake.hcl index 2be99233f3..fccd070888 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,5 +1,5 @@ variable "GO_VERSION" { - default = "1.21.7" + default = "1.21.8" } variable "VERSION" { default = "" diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev index 0217fdf80e..ae3b7153bc 100644 --- a/dockerfiles/Dockerfile.dev +++ b/dockerfiles/Dockerfile.dev @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.7 +ARG GO_VERSION=1.21.8 ARG ALPINE_VERSION=3.18 ARG BUILDX_VERSION=0.11.2 diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index c98c559f65..4c9a246fa9 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.7 +ARG GO_VERSION=1.21.8 ARG ALPINE_VERSION=3.18 ARG GOLANGCI_LINT_VERSION=v1.54.2 diff --git a/dockerfiles/Dockerfile.vendor b/dockerfiles/Dockerfile.vendor index 1fc74d9535..897176a5a2 100644 --- a/dockerfiles/Dockerfile.vendor +++ b/dockerfiles/Dockerfile.vendor @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.7 +ARG GO_VERSION=1.21.8 ARG ALPINE_VERSION=3.18 ARG MODOUTDATED_VERSION=v0.8.0 diff --git a/e2e/testdata/Dockerfile.gencerts b/e2e/testdata/Dockerfile.gencerts index 7a3590f43e..f47d3d6956 100644 --- a/e2e/testdata/Dockerfile.gencerts +++ b/e2e/testdata/Dockerfile.gencerts @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.21.7 +ARG GO_VERSION=1.21.8 FROM golang:${GO_VERSION}-alpine AS generated RUN go install github.com/dmcgowan/quicktls@master