From 1c505b6155e4b1cae4619606a9d4ccfb5ca417a7 Mon Sep 17 00:00:00 2001 From: Christian Schlotter Date: Thu, 4 Apr 2024 10:26:35 +0200 Subject: [PATCH] Bump golang to v1.21.9 and golang.org/x/net to mitigate CVE-2023-45288 --- Makefile | 2 +- Tiltfile | 4 ++-- go.mod | 2 +- go.sum | 4 ++-- hack/tools/go.mod | 2 +- hack/tools/go.sum | 4 ++-- test/go.mod | 2 +- test/go.sum | 4 ++-- 8 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index 93d504bbff4c..ca6297fbb643 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,7 @@ SHELL:=/usr/bin/env bash # # Go. # -GO_VERSION ?= 1.21.8 +GO_VERSION ?= 1.21.9 GO_DIRECTIVE_VERSION ?= 1.21 GO_CONTAINER_IMAGE ?= docker.io/library/golang:$(GO_VERSION) diff --git a/Tiltfile b/Tiltfile index 6dbc6565b120..3f072e883c6c 100644 --- a/Tiltfile +++ b/Tiltfile @@ -184,7 +184,7 @@ def load_provider_tiltfiles(): tilt_helper_dockerfile_header = """ # Tilt image -FROM golang:1.21.8 as tilt-helper +FROM golang:1.21.9 as tilt-helper # Install delve. Note this should be kept in step with the Go release minor version. RUN go install github.com/go-delve/delve/cmd/dlv@v1.21 # Support live reloading with Tilt @@ -195,7 +195,7 @@ RUN wget --output-document /restart.sh --quiet https://raw.githubusercontent.com """ tilt_dockerfile_header = """ -FROM golang:1.21.8 as tilt +FROM golang:1.21.9 as tilt WORKDIR / COPY --from=tilt-helper /process.txt . COPY --from=tilt-helper /start.sh . diff --git a/go.mod b/go.mod index 7997397d4272..fc517aef1be6 100644 --- a/go.mod +++ b/go.mod @@ -157,7 +157,7 @@ require ( go4.org v0.0.0-20201209231011-d4a079459e60 // indirect golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect - golang.org/x/net v0.22.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/sync v0.6.0 // indirect golang.org/x/sys v0.18.0 // indirect golang.org/x/term v0.18.0 // indirect diff --git a/go.sum b/go.sum index 0ba3f1ab5777..994c46fad06e 100644 --- a/go.sum +++ b/go.sum @@ -630,8 +630,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= -golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= diff --git a/hack/tools/go.mod b/hack/tools/go.mod index ae292174b1bf..fdb0d3e5bf42 100644 --- a/hack/tools/go.mod +++ b/hack/tools/go.mod @@ -143,7 +143,7 @@ require ( golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 // indirect golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.22.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/sync v0.6.0 // indirect golang.org/x/sys v0.18.0 // indirect golang.org/x/term v0.18.0 // indirect diff --git a/hack/tools/go.sum b/hack/tools/go.sum index dac8344e4d9e..72b60db4257c 100644 --- a/hack/tools/go.sum +++ b/hack/tools/go.sum @@ -420,8 +420,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= -golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= diff --git a/test/go.mod b/test/go.mod index d7077283ce47..2138f357bb2d 100644 --- a/test/go.mod +++ b/test/go.mod @@ -21,7 +21,7 @@ require ( github.com/vincent-petithory/dataurl v1.0.0 go.etcd.io/etcd/api/v3 v3.5.13 go.etcd.io/etcd/client/v3 v3.5.13 - golang.org/x/net v0.22.0 + golang.org/x/net v0.23.0 google.golang.org/grpc v1.60.1 k8s.io/api v0.29.3 k8s.io/apiextensions-apiserver v0.29.3 diff --git a/test/go.sum b/test/go.sum index 5d5ec4bf53cf..bd62e947f4f1 100644 --- a/test/go.sum +++ b/test/go.sum @@ -446,8 +446,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= -golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8=