Bump golang 1.23.12, 1.24.6 #239
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Austin Vazquez <[email protected]>
Signed-off-by: Austin Vazquez <[email protected]>
Signed-off-by: Austin Vazquez <[email protected]>
Signed-off-by: Austin Vazquez <[email protected]>
Signed-off-by: Austin Vazquez <[email protected]>
Signed-off-by: Austin Vazquez <[email protected]>
Signed-off-by: Austin Vazquez <[email protected]>
Signed-off-by: Austin Vazquez <[email protected]>
crazy-max
reviewed
Aug 11, 2025
| PKG_REPO = PKG_REPO != null && PKG_REPO != "" ? PKG_REPO : "https://github.com/docker/docker-credential-helpers.git" | ||
| PKG_REF = PKG_REF != null && PKG_REF != "" ? PKG_REF : "master" | ||
| GO_VERSION = GO_VERSION != null && GO_VERSION != "" ? GO_VERSION : "1.23.6" # https://github.com/docker/docker-credential-helpers/blob/f9d3010165b642df37215b1be945552f2c6f0e3b/Dockerfile#L3 | ||
| GO_VERSION = GO_VERSION != null && GO_VERSION != "" ? GO_VERSION : "1.23.12" # https://github.com/docker/docker-credential-helpers/blob/f9d3010165b642df37215b1be945552f2c6f0e3b/Dockerfile#L3 |
Member
There was a problem hiding this comment.
This one still pins to 1.23.6 so would need upstream update as well.
Member
There was a problem hiding this comment.
(but we can start looking at updating it to go1.24)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
These minor releases include 2 security fixes following the security policy:
If the PATH environment variable contains paths which are executables (rather
than just directories), passing certain strings to LookPath ("", ".", and ".."),
can result in the binaries listed in the PATH being unexpectedly returned.
Thanks to Olivier Mengué for reporting this issue.
This is CVE-2025-47906 and Go issue https://go.dev/issue/74466.
Cancelling a query (e.g. by cancelling the context passed to one of the query
methods) during a call to the Scan method of the returned Rows can result in
unexpected results if other queries are being made in parallel. This can result
in a race condition that may overwrite the expected results with those of
another query, causing the call to Scan to return either unexpected results
from the other query or an error.
We believe this affects most database/sql drivers.
Thanks to Spike Curtis from Coder for reporting this issue.
This is GHSA-j5pm-7495-qmr3 and https://go.dev/issue/74831.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.6