Update GO version to match OPA version #603

Merged
merged 3 commits into from
Oct 17, 2024

pratimsc
Contributor

The OPA Envoy Plugin fails due to CVEs present in Go 1.22.5. Update it to the Go version used by OPA, i.e. 1.23.1, which has the required CVE fixes.

List of CVEs:

@tjons
Contributor

tjons commented Oct 13, 2024

@pratimsc I think it would be a good idea to bump the go.mod version here, can you add that?

@pratimsc
Contributor Author

@tjons - I have updated the version in go.mod file

@nfuden

nfuden commented Oct 14, 2024

Does it make sense to add a ci check at some point to make sure the toolchain / mod version are the same as in .go-version?
After all go-version is used by the makefile.
Definitely out of scope for this just a (potentially) interesting thought

@pratimsc
Contributor Author

> Does it make sense to add a ci check at some point to make sure the toolchain / mod version are the same as in .go-version? After all go-version is used by the makefile. Definitely out of scope for this just a (potentially) interesting thought

@nfuden - It will be a good idea to put in the check, and also another check to use the same version of Go as OPA itself, so we have consistency across OPA and the envoy-plugin.

Is the present PR good to merge?
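
The CI check suggested in the comments above, sketched as an added example that is not part of this PR or the project's own tooling. It assumes `.go-version` holds a bare version such as `1.23.1` and that `go.mod` uses a single-line `go` directive and an optional `toolchain` directive; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the PR). Assumptions: .go-version holds a bare
# version such as "1.23.1"; go.mod has a "go" line and maybe a "toolchain" line.

# Print the argument of a single-line go.mod directive ("go" or "toolchain").
gomod_directive() {
    awk -v d="$1" '$1 == d { print $2; exit }' "$2"
}

# Succeed when dotted version $1 is greater than or equal to $2.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Return 0 when the versions agree, 1 on drift, 2 when a file or value is missing.
check_go_versions() {
    dir="${1:-.}"
    pinned="$(tr -d '[:space:]' < "$dir/.go-version")" || return 2
    mod_go="$(gomod_directive go "$dir/go.mod")" || return 2
    mod_tc="$(gomod_directive toolchain "$dir/go.mod")"
    if [ -z "$pinned" ] || [ -z "$mod_go" ]; then
        echo "no version found in .go-version or go.mod" >&2
        return 2
    fi
    rc=0
    # The "go" directive is a minimum: the pinned build version must satisfy it.
    if ! version_ge "$pinned" "$mod_go"; then
        echo "go.mod requires go $mod_go, .go-version pins older $pinned" >&2
        rc=1
    fi
    # Following the suggestion in the thread, a toolchain line must name the
    # same release that .go-version pins.
    if [ -n "$mod_tc" ] && [ "$mod_tc" != "go$pinned" ]; then
        echo "go.mod toolchain $mod_tc differs from .go-version go$pinned" >&2
        rc=1
    fi
    return "$rc"
}

# CI step: check_go_versions . || exit 1
```

A failing result means the Makefile could build with a Go release older than the one `go.mod` declares, which is how a patched standard library in one file and an unpatched one in the other can go unnoticed.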

@tjons
Contributor

tjons commented Oct 15, 2024

@pratimsc neither @nfuden nor I are maintainers, I'm just a contributor. cc @ashutosh-narkar to review.

The OPA Envoy Plugin fails due to CVEs present in Go 1.22.5.
Update it to the Go version used by OPA, i.e. 1.23.1, which has the required CVE fixes.

List of CVEs:
- CVE-2024-34155
- CVE-2024-34156
- CVE-2024-34158

Signed-off-by: Pratim SC <[email protected]>

Updated the version to align with OPA Go min version.

Signed-off-by: Pratim SC <[email protected]>
Member

@ashutosh-narkar ashutosh-narkar left a comment

LGTM

@ashutosh-narkar ashutosh-narkar merged commit 4c4c3fd into open-policy-agent:main Oct 17, 2024
8 checks passed