chore: upgrade go to v1.21.11 to fix CVE-2024-24790 #485

Merged
merged 1 commit into from
Jul 5, 2024

Contributor

@strivedi-px strivedi-px commented Jul 5, 2024

Upgrade Go to v1.21.11 to fix CVE-2024-24790. The CVE was fixed in the following commit: https://go-review.googlesource.com/c/go/+/590315 which was released in the v1.21.11 release of Go.

Member

@bcho bcho left a comment

LGTM

@bcho bcho merged commit fdf7706 into Azure:main Jul 5, 2024
6 checks passed
@strivedi-px
Contributor Author

@bcho when are you planning to create the next release with this fix?

@bcho
Member

bcho commented Jul 5, 2024

@strivedi-px I will cut a new release tomorrow during PDT business time -- cc @weinong

@bcho
Member

bcho commented Jul 5, 2024

v0.1.4 published:

go version -m ./kubelogin 
./kubelogin: go1.21.11
        path    github.com/Azure/kubelogin
        mod     github.com/Azure/kubelogin      (devel)
        dep     github.com/Azure/azure-sdk-for-go/sdk/azcore    v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg=
        dep     github.com/Azure/azure-sdk-for-go/sdk/azidentity        v1.6.0  h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg=
        dep     github.com/Azure/azure-sdk-for-go/sdk/internal  v1.9.0  h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o=
        dep     github.com/Azure/go-autorest/autorest   v0.11.29        h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw=
        dep     github.com/Azure/go-autorest/autorest/adal      v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8=
        dep     github.com/Azure/go-autorest/autorest/date      v0.3.0  h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
        dep     github.com/Azure/go-autorest/logger     v0.2.1  h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
        dep     github.com/Azure/go-autorest/tracing    v0.6.0  h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
        dep     github.com/AzureAD/microsoft-authentication-library-for-go      v1.2.2  h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=
        dep     github.com/davecgh/go-spew      v1.1.1  h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
        dep     github.com/emicklei/go-restful/v3       v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
        dep     github.com/evanphx/json-patch   v5.6.0+incompatible     h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
        dep     github.com/go-errors/errors     v1.4.2  h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
        dep     github.com/go-logr/logr v1.4.1  h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
        dep     github.com/go-openapi/jsonpointer       v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
        dep     github.com/go-openapi/jsonreference     v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
        dep     github.com/go-openapi/swag      v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
        dep     github.com/gogo/protobuf        v1.3.2  h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
        dep     github.com/golang-jwt/jwt/v4    v4.5.0  h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
        dep     github.com/golang-jwt/jwt/v5    v5.2.1  h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
        dep     github.com/golang/protobuf      v1.5.4  h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
        dep     github.com/google/btree v1.1.2  h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
        dep     github.com/google/gnostic-models        v0.6.8  h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
        dep     github.com/google/gofuzz        v1.2.0  h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
        dep     github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510      h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
        dep     github.com/google/uuid  v1.6.0  h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
        dep     github.com/gregjones/httpcache  v0.0.0-20190611155906-901d90724c79      h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
        dep     github.com/imdario/mergo        v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
        dep     github.com/josharian/intern     v1.0.0  h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
        dep     github.com/json-iterator/go     v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
        dep     github.com/kylelemons/godebug   v1.1.0  h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
        dep     github.com/liggitt/tabwriter    v0.0.0-20181228230101-89fcab3d43de      h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
        dep     github.com/mailru/easyjson      v0.7.7  h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
        dep     github.com/moby/term    v0.0.0-20221205130635-1aeaba878587      h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=
        dep     github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd      h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
        dep     github.com/modern-go/reflect2   v1.0.2  h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
        dep     github.com/monochromegane/go-gitignore  v0.0.0-20200626010858-205db1a8cc00      h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
        dep     github.com/munnerz/goautoneg    v0.0.0-20191010083416-a7dc8b61c822      h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
        dep     github.com/peterbourgon/diskv   v2.0.1+incompatible     h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
        dep     github.com/pkg/browser  v0.0.0-20240102092130-5ac0b6a4141c      h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
        dep     github.com/pkg/errors   v0.9.1  h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
        dep     github.com/spf13/cobra  v1.8.1  h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
        dep     github.com/spf13/pflag  v1.0.5  h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
        dep     github.com/xlab/treeprint       v1.2.0  h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
        dep     go.starlark.net v0.0.0-20230525235612-a134d8f9ddca      h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY=
        dep     golang.org/x/crypto     v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
        dep     golang.org/x/net        v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
        dep     golang.org/x/oauth2     v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
        dep     golang.org/x/sync       v0.7.0  h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
        dep     golang.org/x/sys        v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
        dep     golang.org/x/term       v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
        dep     golang.org/x/text       v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
        dep     golang.org/x/time       v0.3.0  h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
        dep     google.golang.org/protobuf      v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
        dep     gopkg.in/inf.v0 v0.9.1  h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
        dep     gopkg.in/retry.v1       v1.0.3  h1:a9CArYczAVv6Qs6VGoLMio99GEs7kY9UzSF9+LD+iGs=
        dep     gopkg.in/yaml.v2        v2.4.0  h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
        dep     gopkg.in/yaml.v3        v3.0.1  h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
        dep     k8s.io/api      v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw=
        dep     k8s.io/apimachinery     v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU=
        dep     k8s.io/cli-runtime      v0.29.3 h1:r68rephmmytoywkw2MyJ+CxjpasJDQY7AGc3XY2iv1k=
        dep     k8s.io/client-go        v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg=
        dep     k8s.io/klog/v2  v2.130.1        h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
        dep     k8s.io/kube-openapi     v0.0.0-20231010175941-2dd684a91f00      h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780=
        dep     k8s.io/utils    v0.0.0-20230726121419-3b25d923346b      h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
        dep     sigs.k8s.io/json        v0.0.0-20221116044647-bc3834ca7abd      h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
        dep     sigs.k8s.io/kustomize/api       v0.13.5-0.20230601165947-6ce0bf390ce3   h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0=
        dep     sigs.k8s.io/kustomize/kyaml     v0.14.3-0.20230601165947-6ce0bf390ce3   h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U=
        dep     sigs.k8s.io/structured-merge-diff/v4    v4.4.1  h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
        dep     sigs.k8s.io/yaml        v1.3.0  h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
        build   -buildmode=exe
        build   -compiler=gc
        build   -ldflags="-X main.gitTag=v0.1.4"
        build   CGO_ENABLED=0
        build   GOARCH=amd64
        build   GOOS=linux
        build   GOAMD64=v1
        build   vcs=git
        build   vcs.revision=aed62b0077827211ca2e6f7422281f34e4221e98
        build   vcs.time=2024-07-05T19:50:24Z
        build   vcs.modified=false
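
Added example (not part of the PR thread or the kubelogin project): a small Go program that reads the same embedded build information `go version -m` prints and classifies the toolchain against a table of patched releases. Only the 1.21 entry (11) comes from this PR; `checkToolchain` and `patchedMin` are names chosen here, and a release line missing from the table is reported as unknown rather than assumed fixed.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// patchedMin maps a Go release line to its first patch release with the fix.
// Only the 1.21 entry comes from the PR; add other lines from the Go advisory.
var patchedMin = map[string]int{"1.21": 11}

// checkToolchain classifies a toolchain string such as "go1.21.11" as
// "patched", "vulnerable" or "unknown" (unlisted line, rc or devel build).
func checkToolchain(goVersion string, mins map[string]int) string {
	// Drop the "go" prefix and anything after the version number.
	v, _, _ := strings.Cut(strings.TrimPrefix(goVersion, "go"), " ")
	parts := strings.Split(v, ".")
	if len(parts) < 2 || len(parts) > 3 {
		return "unknown"
	}
	need, ok := mins[parts[0]+"."+parts[1]]
	if !ok {
		return "unknown" // never assume an unlisted release line is fixed
	}
	patch := 0
	if len(parts) == 3 {
		var err error
		if patch, err = strconv.Atoi(parts[2]); err != nil {
			return "unknown"
		}
	}
	if patch >= need {
		return "patched"
	}
	return "vulnerable"
}

func main() {
	for _, path := range os.Args[1:] {
		info, err := buildinfo.ReadFile(path) // same data `go version -m` shows
		if err != nil {
			fmt.Fprintln(os.Stderr, path, err)
			continue
		}
		fmt.Println(path, info.GoVersion, checkToolchain(info.GoVersion, patchedMin))
	}
}
```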

@strivedi-px
Contributor Author

Thanks @bcho! 🙌

@strivedi-px strivedi-px deleted the fix-cve-2024-24790 branch July 6, 2024 04:53