Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of [NET-4865] security: Update Go version to 1.20.6 into release/1.14.x #18193

Merged
merged 1 commit into from
Jul 19, 2023
Merged

Backport of [NET-4865] security: Update Go version to 1.20.6 into release/1.14.x #18193

merged 1 commit into from
Jul 19, 2023

Conversation

hc-github-team-consul-core
Copy link
Collaborator

Backport

This PR is auto-generated from #18190 to be assessed for backporting due to the inclusion of the label backport/1.14.

🚨

Warning automatic cherry-pick of commits failed. If the first commit failed,
you will see a blank no-op commit below. If at least one commit succeeded, you
will see the cherry-picked commits up to, not including, the commit where
the merge conflict occurred.

The person who merged in the original PR is:
@zalimeni
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.

merge conflict error: POST https://api.github.com/repos/hashicorp/consul/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.

This resolves CVE-2023-29406 for uses of the net/http standard library.

Note that until the follow-up to #18124 is done, the version of Go used in those impacted tests will need to remain on 1.20.5.

See related PR for golang.org/x/net dependencies: #18186

Description

Resolves CVE and brings us up to the latest version of Go.

Testing & Reproduction steps

Tests should continue to pass.

Links

https://nvd.nist.gov/vuln/detail/CVE-2023-29406
https://go-review.googlesource.com/c/go/+/506996
https://go-review.googlesource.com/c/net/+/506995

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern
Overview of commits

@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/zalimeni/net-4865-bump-go-cve/constantly-frank-hare branch 2 times, most recently from fc04a2b to 3f8cb58 Compare July 19, 2023 21:02
@hashicorp-cla
Copy link

hashicorp-cla commented Jul 19, 2023
edited
Loading

CLA assistant check
All committers have signed the CLA.

github-team-consul-core-pr-approver
github-team-consul-core-pr-approver approved these changes Jul 19, 2023
View reviewed changes
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto approved Consul Bot automated PR

@vercel vercel bot temporarily deployed to Preview – consul-ui-staging July 19, 2023 21:06 Inactive
@vercel vercel bot temporarily deployed to Preview – consul July 19, 2023 21:06 Inactive
@zalimeni zalimeni force-pushed the backport/zalimeni/net-4865-bump-go-cve/constantly-frank-hare branch from 33e6a40 to 772a270 Compare July 19, 2023 21:10
@zalimeni
Update Go version to 1.20.6
1c42fa5 
This resolves [CVE-2023-29406]
(https://nvd.nist.gov/vuln/detail/CVE-2023-29406) for uses of the
`net/http` standard library.

Note that until the follow-up to #18124 is done, the version of Go used
in those impacted tests will need to remain on 1.20.5.

Manual backport of 93f3209.
@zalimeni zalimeni force-pushed the backport/zalimeni/net-4865-bump-go-cve/constantly-frank-hare branch from 772a270 to 1c42fa5 Compare July 19, 2023 21:12
@zalimeni zalimeni marked this pull request as ready for review July 19, 2023 21:12
@zalimeni zalimeni requested a review from a team July 19, 2023 21:12
@zalimeni zalimeni requested a review from a team as a code owner July 19, 2023 21:12
@zalimeni zalimeni requested review from modrake and dlaguerta and removed request for a team July 19, 2023 21:12
@zalimeni zalimeni enabled auto-merge (squash) July 19, 2023 21:12
@zalimeni zalimeni disabled auto-merge July 19, 2023 21:12
@zalimeni zalimeni enabled auto-merge (squash) July 19, 2023 21:12
@zalimeni zalimeni merged commit 378d122 into release/1.14.x Jul 19, 2023
84 checks passed
@zalimeni zalimeni deleted the backport/zalimeni/net-4865-bump-go-cve/constantly-frank-hare branch July 19, 2023 21:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-team-consul-core-pr-approver github-team-consul-core-pr-approver github-team-consul-core-pr-approver approved these changes

@zalimeni zalimeni Awaiting requested review from zalimeni

@modrake modrake Awaiting requested review from modrake

@dlaguerta dlaguerta Awaiting requested review from dlaguerta

Assignees

@zalimeni zalimeni

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hc-github-team-consul-core @hashicorp-cla @github-team-consul-core-pr-approver @zalimeni