etcd
etcd copied to clipboard
etcd-io
Bump go 1.21.10 and 1.22.3
What would you like to be added?
Both 1.21.10 and 1.22.3 include security fixes
Why is this needed?
fix CVE
Completion tracking below:
- [x]
main: go v1.22.3 - #17975 - [x]
release-3.5: go v1.21.10 - #17980 - [x]
release-3.4: go v1.21.10 - #17981 - [x]
CHANGELOG- #18019 - [x]
etcd-io/bboltmain: go v1.22.3 - etcd-io/bbolt#753 - [x]
etcd-io/bboltrelease-1.3: v1.21.10 - etcd-io/bbolt#754 - [x]
etcd-io/raftmain: go v1.22.3 - etcd-io/raft#199
Refer to previous PRs as a reference, i.e., https://github.com/etcd-io/etcd/issues/17269
@ahrtr, do we want to update bbolt and raft? Based on recent conversations I'm unsure if that's the intention.
@ahrtr, do we want to update bbolt and raft? Based on recent conversations I'm unsure if that's the intention.
I think the answer is YES. We follow the same rule as documented in dependency_management.md#golang-versions for all repos, and also https://github.com/etcd-io/etcd/pull/17876
Can we submit the PRs of bumping golang version for etcd (including main, release-3.5 and release-3.4) this week? Otherwise we will keep seeing failed workflow checks.
We also need to release new patches for 3.5 and 3.4 soon.
Can we submit the PRs of bumping golang version for etcd (including main, release-3.5 and release-3.4) this week? Otherwise we will keep seeing failed workflow checks.
We also need to release new patches for 3.5 and 3.4 soon.
It would be nice to have it done ASAP since this is blocking https://github.com/etcd-io/etcd/pull/17973 as the CI will not pass (and we would not like this to spillover to next week).
@ahrtr Maybe I can take over the etcd main branch update so I can proceed with the dependency update normally, while in the meantime @lavishpal can take his/her time working on the rest of the branches? :)
Ping @lavishpal. Would you work on this this week? Otherwise, we may need to reassign to some collaborator who can help with it, as it is making it fail our CI jobs. Thanks.
Hey @lavishpal - Do you have capacity to complete the remainder of the pull requests listed in the completion tracker above https://github.com/etcd-io/etcd/issues/17964#issuecomment-2099276868?
Hey @lavishpal - Do you have capacity to complete the remainder of the pull requests listed in the completion tracker above https://github.com/etcd-io/etcd/issues/17964#issuecomment-2099276868?
Yeah i will complete it by tomorrow.
Wow, that was very quick. Thanks for the PRs, @lavishpal. Please update the ' CHANGELOG ' after closing #17980 and #17981.
Thanks again.
@lavishpal, do you have the capacity to update the CHANGELOGs? As a reference, this is the PR when we updated them to 1.20.13: https://github.com/etcd-io/etcd/pull/17309
Thanks
@lavishpal, do you have the capacity to update the
CHANGELOGs? As a reference, this is the PR when we updated them to 1.20.13: #17309Thanks
@ivanvc Sure i will finish it by tomorrow.
I think we are ready to release new patches for both 3.4 and 3.5. @jmhbnz @spzala
I think we are ready to release new patches for both 3.4 and 3.5. @jmhbnz @spzala
Agree. I've opened the planning issues:
- https://github.com/etcd-io/etcd/issues/18013
- https://github.com/etcd-io/etcd/issues/18014
I am happy to be release lead for v3.5.14, @spzala do you have availability to lead v3.4.33 release?
With all the tasks completed, we can close this issue now. Thanks, @lavishpal, for helping with this.