Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

upgrade golang version for fix CVE-2024-24790 #26

Merged
merged 2 commits into from
Sep 5, 2024
Merged

Conversation

cHiv0rz
Copy link

@cHiv0rz cHiv0rz commented Sep 2, 2024

update golang version in order to fix this CVE

go1.22.5 (released 2024-07-02) includes security fixes to the net/http package, as well as bug fixes to the compiler, cgo, the go command, the linker, the runtime, and the crypto/tls, go/types, net, net/http, and os/exec packages. See the [Go 1.22.5 milestone](https://github.com/golang/go/issues?q=milestone%3AGo1.22.5+label%3ACherryPickApproved) on our issue tracker for details.

Could you please merge and create a new version? 🙏

cc @kvz

@cHiv0rz cHiv0rz changed the title update golang version upgrade golang version for fix CVE-2024-24790 Sep 2, 2024
@Acconut
Copy link
Collaborator

Acconut commented Sep 3, 2024

Do you want to the pre-built binary to be compiled with a newer Go version? If so, we have to bump the version in

go-version: [1.18.1]

@cHiv0rz
Copy link
Author

cHiv0rz commented Sep 3, 2024

Do you want to the pre-built binary to be compiled with a newer Go version? If so, we have to bump the version in

go-version: [1.18.1]

done it in a new commit

@Acconut Acconut merged commit 089e085 into kvz:master Sep 5, 2024
1 check passed
@Acconut
Copy link
Collaborator

Acconut commented Sep 5, 2024

Thanks, new release is out: https://github.com/kvz/json2hcl/releases/tag/v0.2.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants