Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: bump to go 1.21.3 #18717

Merged
merged 1 commit into from
Oct 10, 2023
Merged

build: bump to go 1.21.3 #18717

merged 1 commit into from
Oct 10, 2023

Conversation

tgross
Copy link
Member

@tgross tgross commented Oct 10, 2023

Go 1.21.3 fixes an important HTTP2 CVE (see CVE-2023-39325 and CVE-2023-44487). Nomad does not use HTTP2 and is not vulnerable. However we should pick up the toolchain bump if for no other reason than we don't have to answer questions about that.

@tgross tgross requested a review from a team October 10, 2023 19:38
@tgross tgross marked this pull request as ready for review October 10, 2023 19:38
@tgross tgross added theme/build-infrastructure theme/dependencies Pull requests that update a dependency file labels Oct 10, 2023
gulducat
gulducat approved these changes Oct 10, 2023
View reviewed changes
.changelog/18717.txt Outdated Show resolved Hide resolved
@tgross
build: bump to go 1.21.3
c738d3d 
Go 1.21.3 fixes an important HTTP2 CVE (see CVE-2023-39325 and
CVE-2023-44487). Nomad does not use HTTP2 and is not vulnerable. However we
should pick up the toolchain bump if for no other reason than we don't have to
answer questions about that.
shoenig
shoenig approved these changes Oct 10, 2023
View reviewed changes
Copy link
Contributor

@shoenig shoenig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tgross tgross merged commit 635afee into main Oct 10, 2023
@tgross tgross deleted the deps-bump-golang branch October 10, 2023 20:37
@tgross tgross added backport/1.4.x backport to 1.4.x release line backport/1.5.x backport to 1.5.x release line backport/1.6.x backport to 1.6.x release line labels Oct 11, 2023
This was referenced Oct 11, 2023
Merged
Merged
Merged
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 9, 2025

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 9, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@shoenig shoenig shoenig approved these changes

@gulducat gulducat gulducat approved these changes

Assignees
No one assigned
Labels
backport/1.4.x backport to 1.4.x release line backport/1.5.x backport to 1.5.x release line backport/1.6.x backport to 1.6.x release line theme/build-infrastructure theme/dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tgross @shoenig @gulducat