Skip to content

bumping golang to 1.21.9 #1605

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

bumping golang to 1.21.9 #1605

wants to merge 1 commit into from

Conversation

@DanielePalaia
Copy link
Contributor

@DanielePalaia DanielePalaia commented Apr 4, 2024
edited
Loading

@DanielePalaia DanielePalaia force-pushed the bumping_xnet_lib branch 2 times, most recently from c535014 to 7f3e99a Compare April 4, 2024 13:13
@DanielePalaia DanielePalaia changed the title bumping x/net library to 0.23.0 bumping golang to 1.21.9 Apr 4, 2024
@Zerpet
Copy link
Member

Zerpet commented Apr 4, 2024

I recall govulncheck complaining about golang.org/x/net, you may have to bump this dependency explicitly. In #1603 it also failed on golang.org/net/http IIRC, although that may be fixed simply with the Go patch update.

@Zerpet
Copy link
Member

Zerpet commented Apr 4, 2024

If you want faster feedback loops, you can install Go 1.21 locally, install govulncheck and run the same command locally. There should be no reason to get a different behaviour than in CI.

@DanielePalaia DanielePalaia force-pushed the bumping_xnet_lib branch 2 times, most recently from 5210c7e to 8428f30 Compare April 4, 2024 13:49
@DanielePalaia
Copy link
Contributor Author

DanielePalaia commented Apr 4, 2024

@Zerpet yes that's strange, this branch works fine for me locally with just bumping the x/net library to 0.23.0 with go 1.21.x (I tried 1.21.5 and the last 1.21.9). Not sure why in the action is complaining (even though it seems then working with 1.22 as we say in the last PR)

@DanielePalaia
Copy link
Contributor Author

DanielePalaia commented Apr 4, 2024
edited
Loading

From the error message:
Standard library
Found in: net/[email protected]
Fixed in: net/[email protected]

and the vuln report https://pkg.go.dev/vuln/GO-2024-2687 it seems like it is affecting previous versions of 1.21.9.

It seems like the github action actions/setup-go@v5 is not taking the last 1.21.9 and still using 1.21.8?

https://github.com/rabbitmq/cluster-operator/actions/runs/8555825039/job/23444195431?pr=1605#step:3:1

@DanielePalaia
Copy link
Contributor Author

DanielePalaia commented Apr 4, 2024

Yes it was a caching issue apparently. Cleaning up the cache solved the issue.

I will close this one and merge this identical one just arrived then: #1606

@Zerpet Zerpet deleted the bumping_xnet_lib branch October 8, 2024 17:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@DanielePalaia @Zerpet