Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🔒 Updated golang to 1.22.4 to address CVE-2024-24790 #276

Merged
merged 2 commits into from
Jun 23, 2024

Conversation

STAR-173
Copy link
Contributor

@STAR-173 STAR-173 commented Jun 22, 2024

Fixes #275
Updated Golang version from 1.22.1 to 1.22.4

@STAR-173
Copy link
Contributor Author

Hey @roma-glushko,
Pushed a new commit with the required changes as discussed. Please Look into it.

@roma-glushko roma-glushko added area:chores area:build CD, Kubernetes, on-prem, and local deployments type:security Addressing CVE, possible vulnerabilities, etc. labels Jun 23, 2024
Copy link
Member

@roma-glushko roma-glushko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks great to me! Running our pipelines to see if they are still green.

@roma-glushko roma-glushko changed the title Fix: Updated golang version 🔒 Updated golang to 1.22.4 to address CVE-2024-24790 Jun 23, 2024
@roma-glushko roma-glushko merged commit b7e7db4 into EinStack:develop Jun 23, 2024
6 checks passed
@STAR-173 STAR-173 deleted the version-update branch June 23, 2024 22:10
roma-glushko added a commit that referenced this pull request Jun 24, 2024
The first major update with breaking changes to the language chat schemas 
and begging of work on instrumenting the gateway with OpenTelemetry.

### Added

- 🔧 Use github.com/EinStack/glide as module name to support go install cmd (@gernest)
- ✨🔧 Setup Open Telemetry Metrics and Traces (#237) (@gernest)
-  🔧 #221 Add B3 trace propagator (#242) (@gernest)
- 🔧 #241 Support overriding OTEL resource attributes (#243) (@gernest)
- 🔧 #248 Disable span and metrics by default (#254) (@gernest)
- 🔧 #220 Instrument API server with observability signals (#255) (@gernest)
- 🔧 #164 Make client connection pool configurable across all providers (#251) (@daesu)
- 🔧 Instrument gateway process (#256) (@gernest)
- 🔧 #262: adding connection pool for chat request and response (#271) (@tom-fitz)

### Changed

- 🔧 #238 Implements human-readable durations in config (#253) (@ppmdo)
- 🔧 #266: removing omitempty from response definition (#267) (@tom-fitz)

#### Breaking Changes

- 🔧 💥 #235: Extended the non-streaming chat error schema with new fields to give clients more context around the error (#236) (@roma-glushko)
- 💥 Convert all camelCase config fields to the snake_case in the provider configs (#260) (@roma-glushko)
- ✨💥 #153: Allow to pass multiple model-specific param overrides (#264) (@roma-glushko)

### Fixed

- 🐛 #217: Set build info correctly in Glide images (#218) (@roma-glushko)

### Security

- 🔒 Updated golang to 1.22.4 to address CVE-2024-24790 (#276) (@STAR-173)

### Miscellaneous

- 📝 Defined a way to manage EinStack Glide project (#234) (@roma-glushko)
- 👷 #219: Setup local telemetry stack with Jaeger, Grafana, VictoriaMetrics and OTEL Collector (#225) (@roma-glushko)
- 👷‍♂️ Added a new GH action to watch for glide activity stream (#239, #244) (@roma-glushko)
- ✨ Switched to the new docs (@roma-glushko)
- 🔧 #240: Automatically install air (#277, #270) (@ppmdo, @roma-glushko)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area:build CD, Kubernetes, on-prem, and local deployments area:chores type:security Addressing CVE, possible vulnerabilities, etc.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

🔒 Address CVE-2024-24790
2 participants