Skip to content

Address GO-2024-2687#5139

Merged
pellared merged 3 commits intoopen-telemetry:mainfrom
MrAlias:bump-go-ver
Apr 4, 2024
Merged

Address GO-2024-2687#5139
pellared merged 3 commits intoopen-telemetry:mainfrom
MrAlias:bump-go-ver

Conversation

@MrAlias
Copy link
Copy Markdown
Contributor

@MrAlias MrAlias commented Apr 3, 2024
edited
Loading

  • The latest releases of Go 1.22 and 1.21 contain security fix for net/http. Explicitly set the CI system to not use vulnerable versions when testing so our vulnerable checker does not fail (and we aren't vulnerable).
  • Upgrade all dependencies of golang.org/x/net to v0.23.0

@MrAlias
Bump Go versions used in CI systems
163657e 
The latest releases of Go 1.22 and 1.21 contain security fixes for
`net/http`. Explicitly set the CI system to not use vulnerable versions
when testing so our vulnerable checker does not fail (and we aren't
vulnerable).
@MrAlias MrAlias added the Skip Changelog PRs that do not require a CHANGELOG.md entry label Apr 3, 2024
@MrAlias MrAlias marked this pull request as ready for review April 3, 2024 23:13
@MrAlias MrAlias mentioned this pull request Apr 3, 2024
Merged
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 3, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.9%. Comparing base (6c6e1e7) to head (1ea84b3).

Additional details and impacted files

Impacted file tree graph

@@          Coverage Diff          @@
##            main   #5139   +/-   ##
=====================================
  Coverage   83.9%   83.9%           
=====================================
  Files        248     248           
  Lines      16383   16383           
=====================================
+ Hits       13747   13749    +2     
+ Misses      2347    2345    -2     
  Partials     289     289

see 1 file with indirect coverage changes

@MrAlias MrAlias changed the title Bump Go versions used in CI systems Address GO-2024-2687 Apr 3, 2024
@MrAlias MrAlias removed the Skip Changelog PRs that do not require a CHANGELOG.md entry label Apr 3, 2024
@MrAlias MrAlias added this to the v1.25.0 milestone Apr 3, 2024
@MrAlias MrAlias added dependencies Pull requests that update a dependency file and removed dependencies Pull requests that update a dependency file labels Apr 3, 2024
@pellared pellared merged commit afb6af0 into open-telemetry:main Apr 4, 2024
@MrAlias MrAlias deleted the bump-go-ver branch April 4, 2024 13:47
This was referenced Apr 4, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dashpole dashpole dashpole approved these changes

@pellared pellared pellared approved these changes

@XSAM XSAM XSAM approved these changes

@Aneurysm9 Aneurysm9 Awaiting requested review from Aneurysm9

@evantorrie evantorrie Awaiting requested review from evantorrie

@dmathieu dmathieu Awaiting requested review from dmathieu dmathieu is a code owner

+3 more reviewers

@MadVikingGod MadVikingGod MadVikingGod approved these changes

@hanyuancheung hanyuancheung hanyuancheung approved these changes

@weslenteche weslenteche weslenteche approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v1.25.0

Development

Successfully merging this pull request may close these issues.

7 participants

@MrAlias @dashpole @MadVikingGod @pellared @XSAM @hanyuancheung @weslenteche