Skip to content

Backport of [NET-4865] security: Update Go version to 1.20.6 into release/1.16.x#18195

Merged
hc-github-team-consul-core merged 1 commit intorelease/1.16.xfrom
backport/zalimeni/net-4865-bump-go-cve/equally-tops-dingo
Jul 19, 2023
Merged

Backport of [NET-4865] security: Update Go version to 1.20.6 into release/1.16.x#18195
hc-github-team-consul-core merged 1 commit intorelease/1.16.xfrom
backport/zalimeni/net-4865-bump-go-cve/equally-tops-dingo

Conversation

@hc-github-team-consul-core
Copy link
Collaborator

@hc-github-team-consul-core hc-github-team-consul-core commented Jul 19, 2023

Backport

This PR is auto-generated from #18190 to be assessed for backporting due to the inclusion of the label backport/1.16.

The below text is copied from the body of the original PR.

This resolves CVE-2023-29406 for uses of the net/http standard library.

Note that until the follow-up to #18124 is done, the version of Go used in those impacted tests will need to remain on 1.20.5.

See related PR for golang.org/x/net dependencies: #18186

Description

Resolves CVE and brings us up to the latest version of Go.

Testing & Reproduction steps

Tests should continue to pass.

Links

https://nvd.nist.gov/vuln/detail/CVE-2023-29406
https://go-review.googlesource.com/c/go/+/506996
https://go-review.googlesource.com/c/net/+/506995

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern
Overview of commits

@hc-github-team-consul-core hc-github-team-consul-core requested a review from a team July 19, 2023 21:02
@hc-github-team-consul-core hc-github-team-consul-core requested a review from a team as a code owner July 19, 2023 21:02
@hc-github-team-consul-core hc-github-team-consul-core requested review from dekimsey and removed request for a team July 19, 2023 21:02
@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/zalimeni/net-4865-bump-go-cve/equally-tops-dingo branch 2 times, most recently from 52a041d to 694ed87 Compare July 19, 2023 21:02
@hc-github-team-consul-core hc-github-team-consul-core enabled auto-merge (squash) July 19, 2023 21:02
@github-actions github-actions bot added type/ci Relating to continuous integration (CI) tooling for testing or releases theme/contributing Additions and enhancements to community contributing materials labels Jul 19, 2023
github-team-consul-core-pr-approver
github-team-consul-core-pr-approver approved these changes Jul 19, 2023
View reviewed changes
Copy link
Collaborator

@github-team-consul-core-pr-approver github-team-consul-core-pr-approver left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto approved Consul Bot automated PR

@hc-github-team-consul-core hc-github-team-consul-core merged commit ec0072c into release/1.16.x Jul 19, 2023
@hc-github-team-consul-core hc-github-team-consul-core deleted the backport/zalimeni/net-4865-bump-go-cve/equally-tops-dingo branch July 19, 2023 21:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-team-consul-core-pr-approver github-team-consul-core-pr-approver github-team-consul-core-pr-approver approved these changes

@dekimsey dekimsey Awaiting requested review from dekimsey

@alvin-huang alvin-huang Awaiting requested review from alvin-huang

@zalimeni zalimeni Awaiting requested review from zalimeni

Assignees

@zalimeni zalimeni

Labels

theme/contributing Additions and enhancements to community contributing materials type/ci Relating to continuous integration (CI) tooling for testing or releases

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hc-github-team-consul-core @github-team-consul-core-pr-approver @zalimeni