From 2d0d3c3fdfb72136a0901f2730b34b5a4d048fc8 Mon Sep 17 00:00:00 2001 From: Benjamin Wang Date: Thu, 6 Apr 2023 13:08:11 +0800 Subject: [PATCH] security: bump go to 1.19.8 to fix four CVEs Signed-off-by: Benjamin Wang --- .github/workflows/build.yaml | 2 +- .github/workflows/contrib.yaml | 2 +- .github/workflows/coverage.yaml | 2 +- .github/workflows/e2e-arm64.yaml | 2 +- .github/workflows/e2e.yaml | 2 +- .github/workflows/fuzzing.yaml | 2 +- .github/workflows/govuln.yaml | 2 +- .github/workflows/grpcproxy.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/robustness-template.yaml | 2 +- .github/workflows/static-analysis.yaml | 2 +- .github/workflows/tests-arm64.yaml | 2 +- .github/workflows/tests.yaml | 2 +- tests/manual/Makefile | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index a08009100..150690c52 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -22,7 +22,7 @@ jobs: - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: - go-version: "1.19.7" + go-version: "1.19.8" - env: TARGET: ${{ matrix.target }} run: | diff --git a/.github/workflows/contrib.yaml b/.github/workflows/contrib.yaml index 185fac591..77f857376 100644 --- a/.github/workflows/contrib.yaml +++ b/.github/workflows/contrib.yaml @@ -8,7 +8,7 @@ jobs: - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: - go-version: "1.19.7" + go-version: "1.19.8" - run: | set -euo pipefail diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml index 78eb6cca8..39ae74d70 100644 --- a/.github/workflows/coverage.yaml +++ b/.github/workflows/coverage.yaml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: - go-version: "1.19.7" + go-version: "1.19.8" - env: TARGET: ${{ matrix.target }} run: | diff --git a/.github/workflows/e2e-arm64.yaml b/.github/workflows/e2e-arm64.yaml index 0076385b3..49eb8d078 100644 --- a/.github/workflows/e2e-arm64.yaml +++ b/.github/workflows/e2e-arm64.yaml @@ -18,7 +18,7 @@ jobs: - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: ref: main - go-version: "1.19.7" + go-version: "1.19.8" - run: date - env: TARGET: ${{ matrix.target }} diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 9e9d645c5..439e05bca 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -14,7 +14,7 @@ jobs: - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: - go-version: "1.19.7" + go-version: "1.19.8" - run: date - env: TARGET: ${{ matrix.target }} diff --git a/.github/workflows/fuzzing.yaml b/.github/workflows/fuzzing.yaml index 6ff076a03..980a9a60c 100644 --- a/.github/workflows/fuzzing.yaml +++ b/.github/workflows/fuzzing.yaml @@ -12,7 +12,7 @@ jobs: - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: - go-version: "1.19.7" + go-version: "1.19.8" - run: | set -euo pipefail diff --git a/.github/workflows/govuln.yaml b/.github/workflows/govuln.yaml index 59b526d9a..0dd0633a5 100644 --- a/.github/workflows/govuln.yaml +++ b/.github/workflows/govuln.yaml @@ -8,7 +8,7 @@ jobs: - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: - go-version: "1.19.7" + go-version: "1.19.8" - run: date - run: | set -euo pipefail diff --git a/.github/workflows/grpcproxy.yaml b/.github/workflows/grpcproxy.yaml index aedbdbb1c..3307acc99 100644 --- a/.github/workflows/grpcproxy.yaml +++ b/.github/workflows/grpcproxy.yaml @@ -14,7 +14,7 @@ jobs: - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: - go-version: "1.19.7" + go-version: "1.19.8" - run: date - env: TARGET: ${{ matrix.target }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 639f7e222..fa5c64546 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -8,7 +8,7 @@ jobs: - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: - go-version: "1.19.7" + go-version: "1.19.8" - name: release run: | set -euo pipefail diff --git a/.github/workflows/robustness-template.yaml b/.github/workflows/robustness-template.yaml index 50b861e32..a8d310b82 100644 --- a/.github/workflows/robustness-template.yaml +++ b/.github/workflows/robustness-template.yaml @@ -24,7 +24,7 @@ jobs: - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: - go-version: '1.19.7' + go-version: '1.19.8' - name: test-robustness env: ETCD_BRANCH: "${{ inputs.etcdBranch }}" diff --git a/.github/workflows/static-analysis.yaml b/.github/workflows/static-analysis.yaml index ae912fbed..978f8fe44 100644 --- a/.github/workflows/static-analysis.yaml +++ b/.github/workflows/static-analysis.yaml @@ -8,7 +8,7 @@ jobs: - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: - go-version: "1.19.7" + go-version: "1.19.8" - name: golangci-lint uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0 with: diff --git a/.github/workflows/tests-arm64.yaml b/.github/workflows/tests-arm64.yaml index 8e4046454..d61d5b0c8 100644 --- a/.github/workflows/tests-arm64.yaml +++ b/.github/workflows/tests-arm64.yaml @@ -20,7 +20,7 @@ jobs: - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: ref: main - go-version: "1.19.7" + go-version: "1.19.8" - run: date - env: TARGET: ${{ matrix.target }} diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index bbc30a765..41849e009 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -17,7 +17,7 @@ jobs: - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: - go-version: "1.19.7" + go-version: "1.19.8" - run: date - env: TARGET: ${{ matrix.target }} diff --git a/tests/manual/Makefile b/tests/manual/Makefile index 42bd08070..35a16b9b1 100644 --- a/tests/manual/Makefile +++ b/tests/manual/Makefile @@ -1,5 +1,5 @@ TMP_DOCKERFILE:=$(shell mktemp) -GO_VERSION ?= 1.19.7 +GO_VERSION ?= 1.19.8 TMP_DIR_MOUNT_FLAG = --tmpfs=/tmp:exec ifdef HOST_TMP_DIR TMP_DIR_MOUNT_FLAG = --mount type=bind,source=$(HOST_TMP_DIR),destination=/tmp