Skip to content

[v1.7.x] Dockerfile: bump golang container to 1.24#912

Merged
fgiudici merged 1 commit intorancher:v1.7.xfrom
fgiudici:fixDockerfile
Jun 13, 2025
Merged

[v1.7.x] Dockerfile: bump golang container to 1.24#912
fgiudici merged 1 commit intorancher:v1.7.xfrom
fgiudici:fixDockerfile

Conversation

@fgiudici
Copy link
Copy Markdown
Contributor

@fgiudici fgiudici commented Jun 12, 2025

Required since x/crypto lib now requires go version >= 1.23

Related to #dd41431b0b2792f0fca005adf3abc3cf471877c4

@fgiudici
Dockerfile: bump golang container to 1.24
6dbfc77 
Required since vendored x/crypto lib requires go ver >= 1.23

Related to #dd41431b0b2792f0fca005adf3abc3cf471877c4

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
@fgiudici fgiudici requested a review from a team as a code owner June 12, 2025 13:31
@github-actions github-actions Bot added the area/build build related changes label Jun 12, 2025
@fgiudici fgiudici merged commit 51cbbf9 into rancher:v1.7.x Jun 13, 2025
6 checks passed
fgiudici added a commit to fgiudici/elemental-operator that referenced this pull request Jun 13, 2025
@fgiudici
Dockerfile: bump golang container to 1.24 (rancher#912)
7bc3a99 
Required since vendored x/crypto lib requires go ver >= 1.23

Related to #dd41431b0b2792f0fca005adf3abc3cf471877c4

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
@fgiudici fgiudici mentioned this pull request Jun 13, 2025
Merged
fgiudici added a commit to fgiudici/elemental-operator that referenced this pull request Jun 13, 2025
@fgiudici
Dockerfile: bump golang container to 1.24 (rancher#912)
e00c6e0 
Required since vendored x/crypto lib requires go ver >= 1.23

Related to #dd41431b0b2792f0fca005adf3abc3cf471877c4

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
fgiudici added a commit that referenced this pull request Jun 16, 2025
@fgiudici @davidcassany
Bump libraries to incorporate CVE fixes (#913)
43f3b00 
* Bump libraries to incorporate CVE fixes

Bump golang.org/x/net to cover CVE-2025-22870 and fix bsc#1238700.
Bump golang.org/x/crypto to cover CVE-2025-22869 and fix bsc#1239335.

In addition and as a requirement of the new x/crypto library go is bumped to 1.23

Signed-off-by: David Cassany <dcassany@suse.com>

* Dockerfile: bump golang container to 1.24 (#912)

Required since vendored x/crypto lib requires go ver >= 1.23

Related to #dd41431b0b2792f0fca005adf3abc3cf471877c4

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* CVE-2025-22872

Bump golang.org/x/net
GHSA-vvgc-356p-c3xw

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* go mod vendor

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

---------

Signed-off-by: David Cassany <dcassany@suse.com>
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
Co-authored-by: David Cassany <dcassany@suse.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@frelon frelon frelon approved these changes

Assignees

No one assigned

Labels

area/build build related changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@fgiudici @frelon