Skip to content

[release-3.4] Bump Go to 1.23.8 #19726

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 7, 2025
Merged

[release-3.4] Bump Go to 1.23.8 #19726

merged 2 commits into from
Apr 7, 2025

Conversation

henrybear327
Copy link
Contributor

@henrybear327
[release-3.4] Bump Go to 1.23.8
e0b2726 
Ran `go mod tidy` for all mod files manually.

Reference:
- etcd-io#19713

Signed-off-by: Chun-Hung Tseng <[email protected]>
@henrybear327 henrybear327 mentioned this pull request Apr 7, 2025
Closed
17 tasks
@henrybear327
Bump github.com/golang-jwt/jwt from 3.2.1 to github.com/golang-jwt/jw…
8eab95c 
…t/v4 4.5.2

Steps executed:
- change import path to "github.com/golang-jwt/jwt/v4"
- execute `go get github.com/golang-jwt/jwt/v4; go mod tidy`
- execute `./scripts/updatebom.sh`

Reference:
- https://pkg.go.dev/vuln/GO-2025-3553
- https://github.com/golang-jwt/jwt/blob/main/MIGRATION_GUIDE.md

Signed-off-by: Chun-Hung Tseng <[email protected]>
@k8s-ci-robot k8s-ci-robot added size/M and removed size/S labels Apr 7, 2025
@henrybear327
Copy link
Contributor Author

henrybear327 commented Apr 7, 2025
edited
Loading

Due to https://pkg.go.dev/vuln/GO-2025-3553, we need to bump github.com/golang-jwt/jwt to either github.com/golang-jwt/jwt/v4 or github.com/golang-jwt/jwt/v5.

Currently, I have bumped the version to 4.5.2, as this is the minimal version change that is safe from the security vulnerability.

@ahrtr do you think this decision is ok? :)

@henrybear327 henrybear327 self-assigned this Apr 7, 2025
fuweid
fuweid approved these changes Apr 7, 2025
View reviewed changes
Copy link
Member

@fuweid fuweid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM on green

@henrybear327
Copy link
Contributor Author

/retest

@ahrtr
Copy link
Member

ahrtr commented Apr 7, 2025

Due to https://pkg.go.dev/vuln/GO-2025-3553, we need to bump github.com/golang-jwt/jwt to either github.com/golang-jwt/jwt/v4 or github.com/golang-jwt/jwt/v5.

Currently, I have bumped the version to 4.5.2, as this is the minimal version change that is safe from the security vulnerability.

@ahrtr do you think this decision is ok? :)

It works, thx

@ahrtr
Copy link
Member

ahrtr commented Apr 7, 2025

/retest

@k8s-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahrtr, fuweid, henrybear327

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@fuweid fuweid merged commit baf285c into etcd-io:release-3.4 Apr 7, 2025
18 checks passed
@henrybear327 henrybear327 deleted the release34/go/1.23.8 branch April 8, 2025 06:15
@henrybear327 henrybear327 mentioned this pull request Apr 8, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fuweid fuweid fuweid approved these changes

@ahrtr ahrtr ahrtr approved these changes

@ivanvc ivanvc Awaiting requested review from ivanvc

@jmhbnz jmhbnz Awaiting requested review from jmhbnz

Assignees

@henrybear327 henrybear327

Labels
approved size/M
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@henrybear327 @ahrtr @k8s-ci-robot @fuweid