Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: bump to go 1.21.3 #18717

Merged
merged 1 commit into from
Oct 10, 2023
Merged

build: bump to go 1.21.3 #18717

merged 1 commit into from
Oct 10, 2023

Conversation

tgross
Copy link
Member

@tgross tgross commented Oct 10, 2023

Go 1.21.3 fixes an important HTTP2 CVE (see CVE-2023-39325 and CVE-2023-44487). Nomad does not use HTTP2 and is not vulnerable. However we should pick up the toolchain bump if for no other reason than we don't have to answer questions about that.

@tgross tgross requested a review from a team October 10, 2023 19:38
@tgross tgross marked this pull request as ready for review October 10, 2023 19:38
@tgross tgross added theme/build-infrastructure theme/dependencies Pull requests that update a dependency file labels Oct 10, 2023
gulducat
gulducat approved these changes Oct 10, 2023
View reviewed changes
.changelog/18717.txt Outdated Show resolved Hide resolved
@tgross
build: bump to go 1.21.3
c738d3d 
Go 1.21.3 fixes an important HTTP2 CVE (see CVE-2023-39325 and
CVE-2023-44487). Nomad does not use HTTP2 and is not vulnerable. However we
should pick up the toolchain bump if for no other reason than we don't have to
answer questions about that.
shoenig
shoenig approved these changes Oct 10, 2023
View reviewed changes
Copy link
Member

@shoenig shoenig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tgross tgross merged commit 635afee into main Oct 10, 2023
25 checks passed
@tgross tgross deleted the deps-bump-golang branch October 10, 2023 20:37
@tgross tgross added backport/1.4.x backport to 1.4.x release line backport/1.5.x backport to 1.5.x release line backport/1.6.x backport to 1.6.x release line labels Oct 11, 2023
This was referenced Oct 11, 2023
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shoenig shoenig shoenig approved these changes

@gulducat gulducat gulducat approved these changes

Assignees
No one assigned
Labels
backport/1.4.x backport to 1.4.x release line backport/1.5.x backport to 1.5.x release line backport/1.6.x backport to 1.6.x release line theme/build-infrastructure theme/dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@tgross @shoenig @gulducat