Skip to content

Backport of Upgraded go to 1.23.8 into release/1.20.x #22282

Merged
nitin-sachdev-29 merged 3 commits intorelease/1.20.xfrom
cve-fix-release-1.20.x
Apr 18, 2025
Merged

Backport of Upgraded go to 1.23.8 into release/1.20.x #22282
nitin-sachdev-29 merged 3 commits intorelease/1.20.xfrom
cve-fix-release-1.20.x

Conversation

@nitin-sachdev-29
Copy link
Copy Markdown
Contributor

@nitin-sachdev-29 nitin-sachdev-29 commented Apr 18, 2025

Description

backport of #22273

Testing & Reproduction steps

Links

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern

@nitin-sachdev-29
CVE Fix (#22268)
0fdf60c 
* Fixed following CVEs:
GHSA-vvgc-356p-c3xw in golang.org/x/net@v0.37.0
GO-2025-3595 in golang.org/x/net@v0.37.0
GO-2025-3553 in github.com/golang-jwt/jwt/v4@v4.5.1
GHSA-mh63-6h87-95cp in github.com/golang-jwt/jwt/v4@v4.5.1
stdlib in Go GO-2025-3563@1.23.7

* added changelog

(cherry picked from commit 519fb0a)
@nitin-sachdev-29
Upgraded go to 1.23.8 (#22273)
efcd597 
* Fixed following CVEs:
GHSA-vvgc-356p-c3xw in golang.org/x/net@v0.37.0
GO-2025-3595 in golang.org/x/net@v0.37.0
GO-2025-3553 in github.com/golang-jwt/jwt/v4@v4.5.1
GHSA-mh63-6h87-95cp in github.com/golang-jwt/jwt/v4@v4.5.1
stdlib in Go GO-2025-3563@1.23.7

* added changelog

* upgraded go to 1.23.8

(cherry picked from commit 570651a)
@nitin-sachdev-29
suppressing alpine CVEs as there is no fix yet
2a548a5
@nitin-sachdev-29 nitin-sachdev-29 added pr/no-changelog PR does not need a corresponding .changelog entry pr/no-backport labels Apr 18, 2025
@nitin-sachdev-29 nitin-sachdev-29 self-assigned this Apr 18, 2025
@nitin-sachdev-29 nitin-sachdev-29 requested review from a team as code owners April 18, 2025 09:37
@github-actions github-actions bot added theme/api Relating to the HTTP API interface pr/dependencies PR specifically updates dependencies of project labels Apr 18, 2025
anandmukul93
anandmukul93 approved these changes Apr 18, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@anandmukul93 anandmukul93 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nitin-sachdev-29 nitin-sachdev-29 enabled auto-merge (squash) April 18, 2025 09:46
@nitin-sachdev-29 nitin-sachdev-29 merged commit 2ed4bce into release/1.20.x Apr 18, 2025
111 checks passed
@nitin-sachdev-29 nitin-sachdev-29 deleted the cve-fix-release-1.20.x branch April 18, 2025 09:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anandmukul93 anandmukul93 anandmukul93 approved these changes

@claire-labry claire-labry Awaiting requested review from claire-labry claire-labry is a code owner automatically assigned from hashicorp/team-selfmanaged-releng

Assignees

@nitin-sachdev-29 nitin-sachdev-29

Labels

pr/dependencies PR specifically updates dependencies of project pr/no-backport pr/no-changelog PR does not need a corresponding .changelog entry theme/api Relating to the HTTP API interface

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nitin-sachdev-29 @anandmukul93