Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: upgrade golang 1.20.5 -> 1.20.10 (2.x) #24415

Merged
merged 1 commit into from
Oct 12, 2023
Merged

chore: upgrade golang 1.20.5 -> 1.20.10 (2.x) #24415

merged 1 commit into from
Oct 12, 2023

Conversation

bnpfeife
Copy link
Contributor

No description provided.

@bnpfeife bnpfeife self-assigned this Oct 11, 2023
@bnpfeife bnpfeife changed the title chore: upgrade golang 1.20.5 -> 1.20.10 chore: upgrade golang 1.20.5 -> 1.20.10 (2.x) Oct 11, 2023
@bnpfeife bnpfeife force-pushed the BNP_upgrade-golang-1.20.10_2.x branch from ee68511 to 43aeaca Compare October 11, 2023 21:45
@bnpfeife bnpfeife changed the base branch from master to main-2.x October 11, 2023 21:46
@alespour alespour self-requested a review October 12, 2023 08:22
alespour
alespour approved these changes Oct 12, 2023
View reviewed changes
Copy link
Contributor

@alespour alespour left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just curious, why not use go1.20.10-latest tag instead?

@alespour
Copy link
Contributor

Closes https://github.com/influxdata/edge/issues/515

jdstrand
jdstrand reviewed Oct 12, 2023
View reviewed changes
go.mod Outdated
golang.org/x/mod v0.7.0 // indirect
golang.org/x/net v0.7.0 // indirect
golang.org/x/mod v0.13.0 // indirect
golang.org/x/net v0.16.0 // indirect
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we get this updated to v0.17.0? See https://github.com/advisories?query=GHSA-4374-p667-p6c8

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

$ go mod why -m golang.org/x/net
# golang.org/x/net
github.com/influxdata/influxdb/v2/vault
github.com/hashicorp/vault/api
golang.org/x/net/http2

Looks like hashicorp hasn't updated: https://github.com/hashicorp/vault/blob/main/go.mod. I suggest:

$ go mod edit -require golang.org/x/[email protected]
$ go mod tidy

Which results in:

$ git diff
diff --git a/go.mod b/go.mod
index 679f076543..1bb944c0cc 100644
--- a/go.mod
+++ b/go.mod
@@ -209,7 +209,7 @@ require (
        golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a // indirect
        golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
        golang.org/x/mod v0.13.0 // indirect
-       golang.org/x/net v0.16.0 // indirect
+       golang.org/x/net v0.17.0 // indirect
        golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect
        golang.org/x/term v0.13.0 // indirect
        golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
diff --git a/go.sum b/go.sum
index ab6488ec26..eff4774123 100644
--- a/go.sum
+++ b/go.sum
@@ -1099,8 +1099,8 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211118161319-6a13c67c3ce4/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.16.0 h1:7eBu7KsSvFDtSXUIDbh3aqlK4DPsZ1rByC8PFfBThos=
-golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All right, I've upgraded golang.org/x/net to v0.17.0 in all of the PRs!

@bnpfeife bnpfeife force-pushed the BNP_upgrade-golang-1.20.10_2.x branch from 43aeaca to 24b57ea Compare October 12, 2023 15:37
@bnpfeife bnpfeife force-pushed the BNP_upgrade-golang-1.20.10_2.x branch from 24b57ea to c919d11 Compare October 12, 2023 15:38
@bnpfeife
Copy link
Contributor Author

LGTM, just curious, why not use go1.20.10-latest tag instead?

Oh, that's a good point! I've been accustomed to using the SHA256. I pushed a commit to swap it to using latest instead.

@bnpfeife bnpfeife merged commit 39012a8 into main-2.x Oct 12, 2023
26 checks passed
@bnpfeife bnpfeife deleted the BNP_upgrade-golang-1.20.10_2.x branch October 12, 2023 16:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alespour alespour alespour approved these changes

@jdstrand jdstrand jdstrand approved these changes

Assignees

@bnpfeife bnpfeife

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bnpfeife @alespour @jdstrand