Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Go main branch to 1.23.1 release branches to 1.22.7 #18548

Closed
10 tasks done
Tracked by #18486 ...
ivanvc opened this issue Sep 5, 2024 · 12 comments
Closed
10 tasks done
Tracked by #18486 ...

Update Go main branch to 1.23.1 release branches to 1.22.7 #18548

ivanvc opened this issue Sep 5, 2024 · 12 comments
Assignees
Labels
area/security area/tooling priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. type/feature

Comments

@ivanvc
Copy link
Member

ivanvc commented Sep 5, 2024

What would you like to be added?

Go 1.23.1 and 1.22.7 were released today. They include fixes for CVE-2024-34155, CVE-2022-30635, CVE-2024-34156, and CVE-2024-34158.

Completion tracking below:

Why is this needed?

To keep the project updated with the latest released Go version and address the vulnerabilities.

@ivanvc
Copy link
Member Author

ivanvc commented Sep 5, 2024

Supersedes #18443.

@ahrtr
Copy link
Member

ahrtr commented Sep 5, 2024

Let's bump go1.22.7 for both 3.5 and 3.4 as a priority, thanks

@ivanvc
Copy link
Member Author

ivanvc commented Sep 5, 2024

I'll do 3.4, 3.5, and the CHANGELOG today.

@ivanvc
Copy link
Member Author

ivanvc commented Sep 5, 2024

/assign

@henrybear327
Copy link
Contributor

/assign
I will do the rest

@ArkaSaha30
Copy link
Contributor

/assign
I can share a few with @henrybear327

@ivanvc
Copy link
Member Author

ivanvc commented Sep 10, 2024

With kubernetes/test-infra#33452 merged (which fixes the govulncheck presubmit job). It will fail for all PR targeting the main branch, as it still uses Go 1.22.6.

Should we update main to 1.22.7 while we're working on #18444?

@ahrtr
Copy link
Member

ahrtr commented Sep 11, 2024

Should we update main to 1.22.7 while we're working on #18444?

Agreed. It should be a quick fix.

@henrybear327
Copy link
Contributor

Should we update main to 1.22.7 while we're working on #18444?

Agreed. It should be a quick fix.

I will do this for now! @ahrtr @ivanvc

I have been making changes in the test-infra, but since the upstream is still on 1.22.x, I have been experimenting with creating a new 1.23.1 docker image that we can use for our pipeline. Will see what the maintainers there think about the change! :)

henrybear327 added a commit to henrybear327/etcd that referenced this issue Sep 11, 2024
henrybear327 added a commit to henrybear327/etcd that referenced this issue Sep 11, 2024
@ivanvc ivanvc removed their assignment Sep 11, 2024
@ivanvc
Copy link
Member Author

ivanvc commented Sep 26, 2024

Hi @henrybear327, it looks like the kubekins image now supports Go 1.23.0, as it was done in the pull request kubernetes/test-infra#33408. Would you still like to update the main branch to 1.23.1, or should we assign it to someone else?

Thanks.

@henrybear327
Copy link
Contributor

Hi @henrybear327, it looks like the kubekins image now supports Go 1.23.0, as it was done in the pull request kubernetes/test-infra#33408. Would you still like to update the main branch to 1.23.1, or should we assign it to someone else?

Thanks.

@ivanvc I will push out my local branch in a bit (I had it done a while ago already!)

Thanks!

@ivanvc
Copy link
Member Author

ivanvc commented Sep 29, 2024

Thanks, team. I'm closing this issue as there are no remaining tasks.
🎉

@ivanvc ivanvc closed this as completed Sep 29, 2024
a-nych pushed a commit to a-nych/etcd that referenced this issue Oct 16, 2024
a-nych pushed a commit to a-nych/etcd that referenced this issue Oct 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/security area/tooling priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. type/feature
Development

No branches or pull requests

4 participants