Contributor

@EpiJunkie EpiJunkie commented Aug 15, 2025

Update build image to address vulnerabilities:


Checklist

  • Tests updated
  • Documentation added
  • CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

@dosubot dosubot bot added component/build go Pull requests that update Go code type/security labels Aug 15, 2025
@EpiJunkie EpiJunkie force-pushed the patch_cves_in_52b9672 branch from 5022dc8 to 46938ab Compare August 15, 2025 14:25
@EpiJunkie EpiJunkie changed the title Chore: update build image to use Go 1.24.6 and update chi to 5.2.2 Chore: update build image to use Go 1.24.6 Aug 15, 2025
@EpiJunkie
Contributor Author

Removed update to chi as there is a preexisting PR for it:

Vulnerabilities:
* CVE-2025-47907 - Fixed by Go 1.24.6
* CVE-2025-4674 - Fixed by Go 1.24.5
* CVE-2025-22874 - Fixed by Go 1.24.4
* CVE-2025-0913 - Fixed by Go 1.24.4
* CVE-2025-4673 - Fixed by Go 1.24.4

---------

Signed-off-by: Justin Holcomb <justin@justinholcomb.me>
@EpiJunkie EpiJunkie force-pushed the patch_cves_in_52b9672 branch from 46938ab to 428890b Compare August 15, 2025 14:30
Member

@friedrichg friedrichg left a comment

Thanks dude!

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Aug 15, 2025
@friedrichg friedrichg merged commit 59491e9 into cortexproject:master Aug 15, 2025
3 checks passed
@friedrichg
Member

Please see https://cortexmetrics.io/docs/contributing/how-to-update-the-build-image/ for the rest of the procedure

@EpiJunkie EpiJunkie deleted the patch_cves_in_52b9672 branch August 16, 2025 00:12
@EpiJunkie EpiJunkie mentioned this pull request Aug 16, 2025
3 tasks
aclaygray pushed a commit to aclaygray/cortex that referenced this pull request Aug 18, 2025
Vulnerabilities:
* CVE-2025-47907 - Fixed by Go 1.24.6
* CVE-2025-4674 - Fixed by Go 1.24.5
* CVE-2025-22874 - Fixed by Go 1.24.4
* CVE-2025-0913 - Fixed by Go 1.24.4
* CVE-2025-4673 - Fixed by Go 1.24.4

---------

Signed-off-by: Justin Holcomb <justin@justinholcomb.me>
Signed-off-by: Andrew Gray <agray@splunk.com>