Skip to content

Commit

Permalink
bump go 1.19.4
Browse files Browse the repository at this point in the history
$ govulncheck ./...
govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

Scanning for dependencies with known vulnerabilities...
Found 1 known vulnerability.

Vulnerability #1: GO-2022-1144
  An attacker can cause excessive memory growth in a Go server
  accepting HTTP/2 requests. HTTP/2 server connections contain a
  cache of HTTP header keys sent by the client. While the total
  number of entries in this cache is capped, an attacker sending
  very large keys can cause the server to allocate approximately
  64 MiB per open connection.

  Call stacks in your code:
      tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls golang.org/x/net/http2.ConfigureServer$1

  Found in: golang.org/x/net/[email protected]
  Fixed in: golang.org/x/net/[email protected]
  More info: https://pkg.go.dev/vuln/GO-2022-1144

Vulnerability #2: GO-2022-1144
  An attacker can cause excessive memory growth in a Go server
  accepting HTTP/2 requests. HTTP/2 server connections contain a
  cache of HTTP header keys sent by the client. While the total
  number of entries in this cache is capped, an attacker sending
  very large keys can cause the server to allocate approximately
  64 MiB per open connection.

  Call stacks in your code:
      contrib/lock/storage/storage.go:106:28: go.etcd.io/etcd/v3/contrib/lock/storage.main calls net/http.ListenAndServe
      contrib/raftexample/httpapi.go:113:31: go.etcd.io/etcd/v3/contrib/raftexample.serveHTTPKVAPI$1 calls net/http.Server.ListenAndServe
      tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls net/http.Serve
      tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls net/http.Server.Serve

  Found in: net/[email protected]
  Fixed in: net/[email protected]
  More info: https://pkg.go.dev/vuln/GO-2022-1144

Signed-off-by: Benjamin Wang <[email protected]>
  • Loading branch information
ahrtr committed Dec 8, 2022
1 parent dc9e422 commit dccc21b
Show file tree
Hide file tree
Showing 15 changed files with 15 additions and 15 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19.3"
go-version: "1.19.4"
- env:
TARGET: ${{ matrix.target }}
run: |
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/contrib.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,5 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19.3"
go-version: "1.19.4"
- run: make -C contrib/mixin tools test
2 changes: 1 addition & 1 deletion .github/workflows/coverage.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19.3"
go-version: "1.19.4"
- env:
TARGET: ${{ matrix.target }}
run: |
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/e2e.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19.3"
go-version: "1.19.4"
- run: date
- env:
TARGET: ${{ matrix.target }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/functional.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19.3"
go-version: "1.19.4"
- run: date
- env:
TARGET: ${{ matrix.target }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/fuzzing.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19.3"
go-version: "1.19.4"
- run: GOARCH=amd64 CPU=4 make fuzz
- uses: actions/upload-artifact@v2
if: failure()
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/govuln.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,6 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19.3"
go-version: "1.19.4"
- run: date
- run: go install golang.org/x/vuln/cmd/govulncheck@latest && govulncheck ./...
2 changes: 1 addition & 1 deletion .github/workflows/grpcproxy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19.3"
go-version: "1.19.4"
- run: date
- env:
TARGET: ${{ matrix.target }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/linearizability-nightly.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19.3"
go-version: "1.19.4"
- run: |
make gofail-enable
make build
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/linearizability.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19.3"
go-version: "1.19.4"
- run: |
make gofail-enable
make build
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19.3"
go-version: "1.19.4"
- run: |
git config --global user.email "[email protected]"
git config --global user.name "Github Action"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/static-analysis.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19.3"
go-version: "1.19.4"
- name: golangci-lint
uses: golangci/golangci-lint-action@v3
with:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/tests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19.3"
go-version: "1.19.4"
- run: date
- env:
TARGET: ${{ matrix.target }}
Expand Down
2 changes: 1 addition & 1 deletion tests/functional/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ RUN dnf check-update || true \
ENV GOROOT /usr/local/go
ENV GOPATH /go
ENV PATH ${GOPATH}/bin:${GOROOT}/bin:${PATH}
ENV GO_VERSION 1.19.3
ENV GO_VERSION 1.19.4
ENV GO_DOWNLOAD_URL https://storage.googleapis.com/golang
RUN rm -rf ${GOROOT} \
&& curl -s ${GO_DOWNLOAD_URL}/go${GO_VERSION}.linux-amd64.tar.gz | tar -v -C /usr/local/ -xz \
Expand Down
2 changes: 1 addition & 1 deletion tests/manual/Makefile
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
TMP_DOCKERFILE:=$(shell mktemp)
GO_VERSION ?= 1.19.3
GO_VERSION ?= 1.19.4
TMP_DIR_MOUNT_FLAG = --tmpfs=/tmp:exec
ifdef HOST_TMP_DIR
TMP_DIR_MOUNT_FLAG = --mount type=bind,source=$(HOST_TMP_DIR),destination=/tmp
Expand Down

0 comments on commit dccc21b

Please sign in to comment.