Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build with go 1.21 and update dependencies #1427

Merged
merged 1 commit into from
Feb 15, 2024
Merged

build with go 1.21 and update dependencies #1427

merged 1 commit into from
Feb 15, 2024

Conversation

b-dean
Copy link
Contributor

@b-dean b-dean commented Feb 1, 2024

also run go get -u ./... to update all the dependencies

in particular, this fixes these vulnerabilities that show up in our scans:

Component Version Vulnerability Severity
github.com/cloudflare/circl v1.3.3 GHSA-9763-4f94-gfch high
go 1.20.8 CVE-2023-45285 high
go 1.20.8 CVE-2023-45283 high
go 1.20.8 CVE-2023-39325 high
go 1.20.8 CVE-2023-39323 high

@b-dean b-dean force-pushed the go-1.21-update-deps branch from 9ffd771 to 2422c97 Compare February 1, 2024 20:20
@hiddeco
Copy link
Member

hiddeco commented Feb 6, 2024

Can you please rebase this so we can get the Go 1.21 update in? The dependency updates should have been dealt with due to me merging the outstanding Dependabot PRs. Thanks 🍒

@b-dean b-dean force-pushed the go-1.21-update-deps branch from 2422c97 to 7589158 Compare February 6, 2024 15:46
@hiddeco
Copy link
Member

hiddeco commented Feb 9, 2024

Please run make vendor and amend to your commit. This should make CI pass.

@b-dean
build with go 1.21
12756c8 
also run `go get -u ./...` to update all the dependencies

Signed-off-by: Ben Dean <[email protected]>
@b-dean b-dean force-pushed the go-1.21-update-deps branch from 7589158 to 12756c8 Compare February 13, 2024 19:56
@b-dean
Copy link
Contributor Author

b-dean commented Feb 14, 2024

@hiddeco, should be good

hiddeco
hiddeco approved these changes Feb 15, 2024
View reviewed changes
Copy link
Member

@hiddeco hiddeco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @b-dean 🙇

@hiddeco hiddeco merged commit 56b06d6 into getsops:main Feb 15, 2024
9 checks passed
@b-dean b-dean deleted the go-1.21-update-deps branch February 15, 2024 21:17
@felixfontein felixfontein mentioned this pull request Jun 2, 2024
Merged
This was referenced Jun 28, 2024
Open
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hiddeco hiddeco hiddeco approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@b-dean @hiddeco