Update go version to 1.21.8 #17539

Closed

@liangyuanpeng (Contributor) commented Mar 6, 2024

Changes:

  • Update go version to 1.21.8 for better security.

/hold

Fixes: #17533

Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.

Signed-off-by: Lan Liang <gcslyp@gmail.com>
@k8s-ci-robot

Hi @liangyuanpeng. Thanks for your PR.

I'm waiting for an etcd-io member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jmhbnz (Member) left a comment

Suggest putting changelog entries as a separate pr. Or at minimum separate commit.

@jmhbnz (Member) commented Mar 6, 2024

/ok-to-test

@liangyuanpeng (Contributor, Author) commented Mar 6, 2024

> Suggest putting changelog entries as a separate pr. Or at minimum separate commit.

Sure, let me create a new PR for CHANGE LOG.

@jmhbnz CI complains about needing to upgrade grpc protobuf dependencies, so I might create a separate PR to upgrade dependencies. Do we have a script for dependency upgrades? Or do we need to manually update each module?

I have found verify-deps in the Makefile, but not update-deps.

=== Symbol Results ===

Vulnerability #1: GO-2024-2611
    Infinite loop in JSON unmarshaling in google.golang.org/protobuf
  More info: https://pkg.go.dev/vuln/GO-2024-2611
  Module: google.golang.org/protobuf
    Found in: google.golang.org/protobuf@v1.32.0
    Fixed in: google.golang.org/protobuf@v1.33.0
    Example traces found:
Error:       #1: contrib/lock/storage/storage.go:106:28: storage.main calls http.ListenAndServe, which eventually calls json.Decoder.Peek
Error:       #2: contrib/lock/storage/storage.go:106:28: storage.main calls http.ListenAndServe, which eventually calls json.Decoder.Read
Error:       #3: contrib/lock/storage/storage.go:106:28: storage.main calls http.ListenAndServe, which eventually calls protojson.UnmarshalOptions.Unmarshal

@jmhbnz (Member) commented Mar 6, 2024

I believe @ivanvc will be opening a PR for this week's dependency updates tomorrow as per #17428 (comment).

We definitely need help in future with dependencies, we have instructions and a rotation worksheet here: https://github.com/etcd-io/etcd/blob/main/Documentation/contributor-guide/dependency_management.md

@ahrtr (Member) commented Mar 6, 2024

Superseded by #17393

@ahrtr ahrtr closed this Mar 6, 2024
@liangyuanpeng liangyuanpeng deleted the update_go_1.21.8 branch March 7, 2024 02:28
Development

Successfully merging this pull request may close these issues.

Bump golang version to 1.21.8