Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[1.3] Bump Go version to 1.21.12: GO-2024-2963 fix #785

Merged
merged 1 commit into from
Jul 4, 2024

Conversation

thedtripp
Copy link
Member

Signed-off-by: D Tripp <38776199+thedtripp@users.noreply.github.com>
@thedtripp thedtripp changed the title [1.3] Bump Go version to 1.21.12: CVE 2024-2963 fix [1.3] Bump Go version to 1.21.12: GO 2024-2963 fix Jul 4, 2024
@thedtripp thedtripp changed the title [1.3] Bump Go version to 1.21.12: GO 2024-2963 fix [1.3] Bump Go version to 1.21.12: GO-2024-2963 fix Jul 4, 2024
Copy link
Member

@ahrtr ahrtr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks

Copy link
Member

@ivanvc ivanvc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks, @thedtripp

@ahrtr ahrtr merged commit 71159e3 into etcd-io:release-1.3 Jul 4, 2024
9 checks passed
@ivanvc
Copy link
Member

ivanvc commented Jul 5, 2024

@ahrtr, we want a 1.3 CHANGELOG entry for this, right?

@ahrtr
Copy link
Member

ahrtr commented Jul 5, 2024

@ahrtr, we want a 1.3 CHANGELOG entry for this, right?

bbolt is used as a library, so its go version doesn't matter. We only need to clarify the minimun golang version to run bbolt, e.g 1.21 for now. It has already clarified in go.mod,

bbolt/go.mod

Line 3 in 71159e3

go 1.21

Regarding golang patch version, we actually do not care much about it. The motivation to bump goalng patch version is to clear security noise (false positive).

So I tend not to update changelog for it.

[Previously we updated changelog for 1.3.10, not a big deal, let's just keep it as it's.]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging this pull request may close these issues.

4 participants