etcd icon indicating copy to clipboard operation
etcd copied to clipboard
Published 3 weeks ago verified publisher icon etcd-io

Update Go main branch to 1.23.1 release branches to 1.22.7

Open ivanvc opened this issue 1 year ago • 6 comments

What would you like to be added?

Go 1.23.1 and 1.22.7 were released today. They include fixes for CVE-2024-34155, CVE-2022-30635, CVE-2024-34156, and CVE-2024-34158.

Completion tracking below:

  • [ ] etcd/main - #18444
  • [x] etcd/release-3.5 - #18550
  • [x] etcd/release-3.4 - #18549
  • [ ] bbolt/main
  • [ ] bbolt/release-1.3
  • [ ] raft/main
  • [ ] gofail/main
  • [x] auger/main https://github.com/etcd-io/auger/pull/111
  • [x] CHANGELOGs - #18553

Why is this needed?

To keep the project up to date with the latest released Go version and run on supported versions.

Why is this needed?

To keep the project updated with the latest released Go version and address the vulnerabilities.

ivanvc avatar Sep 05 '24 18:09 ivanvc

Supersedes #18443.

ivanvc avatar Sep 05 '24 18:09 ivanvc

Let's bump go1.22.7 for both 3.5 and 3.4 as a priority, thanks

ahrtr avatar Sep 05 '24 18:09 ahrtr

I'll do 3.4, 3.5, and the CHANGELOG today.

ivanvc avatar Sep 05 '24 18:09 ivanvc

/assign

ivanvc avatar Sep 05 '24 18:09 ivanvc

/assign I will do the rest

henrybear327 avatar Sep 05 '24 18:09 henrybear327

/assign I can share a few with @henrybear327

ArkaSaha30 avatar Sep 05 '24 19:09 ArkaSaha30

With kubernetes/test-infra#33452 merged (which fixes the govulncheck presubmit job). It will fail for all PR targeting the main branch, as it still uses Go 1.22.6.

Should we update main to 1.22.7 while we're working on https://github.com/etcd-io/etcd/pull/18444?

ivanvc avatar Sep 10 '24 21:09 ivanvc

Should we update main to 1.22.7 while we're working on #18444?

Agreed. It should be a quick fix.

ahrtr avatar Sep 11 '24 09:09 ahrtr

Should we update main to 1.22.7 while we're working on #18444?

Agreed. It should be a quick fix.

I will do this for now! @ahrtr @ivanvc

I have been making changes in the test-infra, but since the upstream is still on 1.22.x, I have been experimenting with creating a new 1.23.1 docker image that we can use for our pipeline. Will see what the maintainers there think about the change! :)

henrybear327 avatar Sep 11 '24 13:09 henrybear327

Hi @henrybear327, it looks like the kubekins image now supports Go 1.23.0, as it was done in the pull request https://github.com/kubernetes/test-infra/pull/33408. Would you still like to update the main branch to 1.23.1, or should we assign it to someone else?

Thanks.

ivanvc avatar Sep 26 '24 05:09 ivanvc

Hi @henrybear327, it looks like the kubekins image now supports Go 1.23.0, as it was done in the pull request kubernetes/test-infra#33408. Would you still like to update the main branch to 1.23.1, or should we assign it to someone else?

Thanks.

@ivanvc I will push out my local branch in a bit (I had it done a while ago already!)

Thanks!

henrybear327 avatar Sep 26 '24 08:09 henrybear327

Thanks, team. I'm closing this issue as there are no remaining tasks. :tada:

ivanvc avatar Sep 29 '24 03:09 ivanvc