Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade go for various vulnz fixes #32934

Closed
wants to merge 1 commit into from
Closed

Upgrade go for various vulnz fixes #32934

wants to merge 1 commit into from

Conversation

damondouglas
Copy link
Contributor

Per, image scanning vulnerability report, bumps go version to fix:

Thank you for your contribution! Follow this checklist to help us incorporate your contribution quickly and easily:

  • Mention the appropriate issue in your description (for example: addresses #123), if applicable. This will automatically add a link to the pull request in the issue. If you would like the issue to automatically close on merging the pull request, comment fixes #<ISSUE NUMBER> instead.
  • Update CHANGES.md with noteworthy changes.
  • If this contribution is large, please file an Apache Individual Contributor License Agreement.

See the Contributor Guide for more tips on how to make review process smoother.

To check the build health, please visit https://github.com/apache/beam/blob/master/.test-infra/BUILD_STATUS.md

GitHub Actions Tests Status (on master branch)

Build python source distribution and wheels
Python tests
Java tests
Go tests

See CI.md for more information about GitHub Actions CI or the workflows README to see a list of phrases to trigger workflows.

@github-actions github-actions bot added the go label Oct 24, 2024
@damondouglas damondouglas marked this pull request as ready for review October 24, 2024 19:05
@github-actions GitHub Actions
Copy link
Contributor

Assigning reviewers. If you would like to opt out of this review, comment assign to next reviewer:

R: @lostluck for label go.

Available commands:

  • stop reviewer notifications - opt out of the automated review tooling
  • remind me after tests pass - tag the comment author after tests pass
  • waiting on author - shift the attention set back to the author (any comment or push by the author will return the attention set to the reviewers)

The PR bot will only process comments in the main thread (not review comments).

@lostluck
Copy link
Contributor

lostluck commented Oct 24, 2024
edited
Loading

This shouldn't fix anything since we use the latest 1.23 to build things for the release, but I could be wrong.

This just sets the minimum required go version for the project.

Really, we should set toolchain 1.23.2 instead, which will require our builds (but not our users builds) to use the recommended tool chain automatically.

See https://go.dev/ref/mod#go-mod-file-go and https://go.dev/doc/toolchain for more information.

The short version is: we can probably simplify our build scripts to lean on Go to manage these things instead of the shell script we use.

@damondouglas
Copy link
Contributor Author

I was looking at the wrong image.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
go Next Action: Reviewers
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@damondouglas @lostluck