[release-1.28] chore: upgrade golang version #2501

andyzhangx · 2024-09-10T07:28:23Z

What type of PR is this?
/kind failing-test

cherrypick of #2498

What this PR does / why we need it:
chore: upgrade golang version

azurefileplugin (gobinary)
==========================
Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                            Title                            │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼─────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-[34](https://github.com/kubernetes-sigs/azurefile-csi-driver/actions/runs/10708260683/job/29848010527#step:6:35)156 │ HIGH     │ fixed  │ 1.23.0            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message   │
│         │                │          │        │                   │                │ which contains deeply nested structures...                  │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                  │
│         ├────────────────┼──────────┤        │                   │                ├─────────────────────────────────────────────────────────────┤
│         │ CVE-2024-34155 │ MEDIUM   │        │                   │                │ go/parser: golang: Calling any of the Parse functions       │
│         │                │          │        │                   │                │ containing deeply nested literals...                        │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-3[41](https://github.com/kubernetes-sigs/azurefile-csi-driver/actions/runs/10708260683/job/29848010527#step:6:42)55                  │
│         ├────────────────┤          │        │                   │                ├─────────────────────────────────────────────────────────────┤
│         │ CVE-2024-34158 │          │        │                   │                │ go/build/constraint: golang: Calling Parse on a "// +build" │
│         │                │          │        │                   │                │ build tag line with...                                      │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34158                  │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴─────────────────────────────────────────────────────────────┘

Which issue(s) this PR fixes:

Fixes #

Requirements:

uses conventional commit messages
includes documentation
adds unit tests
tested upgrade from previous version

Special notes for your reviewer:

Release note:

none

k8s-ci-robot · 2024-09-10T07:28:39Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyzhangx

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [andyzhangx]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

andyzhangx · 2024-09-10T10:58:07Z

/retest

andyzhangx · 2024-09-10T13:52:37Z

/retest

andyzhangx · 2024-09-12T07:44:24Z

/retest

andyzhangx · 2024-09-12T11:42:57Z

/retest

andyzhangx · 2024-09-13T14:26:58Z

/retest

chore: upgrade golang version

262daeb

k8s-ci-robot added kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Sep 10, 2024

k8s-ci-robot requested a review from cvvz September 10, 2024 07:28

k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Sep 10, 2024

k8s-ci-robot requested a review from edreed September 10, 2024 07:28

k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 10, 2024

andyzhangx removed the request for review from edreed September 10, 2024 07:29

andyzhangx force-pushed the trivy-go-1.28 branch from d255369 to 57db7c5 Compare September 12, 2024 14:20

k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Sep 12, 2024

andyzhangx force-pushed the trivy-go-1.28 branch 2 times, most recently from 2e29cab to 262daeb Compare September 12, 2024 14:32

k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Sep 12, 2024

cleanup: use go 1.22

e681700

andyzhangx merged commit e0a9619 into kubernetes-sigs:release-1.28 Sep 14, 2024
24 of 25 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[release-1.28] chore: upgrade golang version #2501

[release-1.28] chore: upgrade golang version #2501

andyzhangx commented Sep 10, 2024

k8s-ci-robot commented Sep 10, 2024

andyzhangx commented Sep 10, 2024

andyzhangx commented Sep 10, 2024

andyzhangx commented Sep 12, 2024

andyzhangx commented Sep 12, 2024

andyzhangx commented Sep 13, 2024

[release-1.28] chore: upgrade golang version #2501

[release-1.28] chore: upgrade golang version #2501

Conversation

andyzhangx commented Sep 10, 2024

k8s-ci-robot commented Sep 10, 2024

andyzhangx commented Sep 10, 2024

andyzhangx commented Sep 10, 2024

andyzhangx commented Sep 12, 2024

andyzhangx commented Sep 12, 2024

andyzhangx commented Sep 13, 2024