From eeb4eb9f9ec27916f2f2f7d851b4e752efe279fd Mon Sep 17 00:00:00 2001 From: Sean Marciniak <30928402+MovieStoreGuy@users.noreply.github.com> Date: Tue, 28 Jan 2025 19:44:16 +1030 Subject: [PATCH] [chore]: Upgrading go version to v1.21.11 (#37534) #### Description Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/http@go1.22.8 Fixed in: net/http@go1.22.11 Example traces found: Error: #1: codeowners.go:212:55: githubgen.codeownersGenerator.getGithubMembers calls github.OrganizationsService.ListMembers, which eventually calls http.Client.Do Vulnerability #2: GO-[20](https://github.com/open-telemetry/opentelemetry-collector-contrib/actions/runs/13003223509/job/36265594395?pr=37492#step:6:21)25-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/x509@go1.[22](https://github.com/open-telemetry/opentelemetry-collector-contrib/actions/runs/13003223509/job/36265594395?pr=37492#step:6:23).8 Fixed in: crypto/x509@go1.22.11 Example traces found: Related: https://github.com/open-telemetry/opentelemetry-collector/pull/12197 --- .github/workflows/build-and-test-arm.yml | 2 +- .github/workflows/build-and-test-darwin.yaml | 4 ++-- .github/workflows/build-and-test-windows.yml | 2 +- .github/workflows/build-and-test.yml | 20 +++++++++---------- .github/workflows/changelog.yml | 2 +- .github/workflows/check-codeowners.yaml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/e2e-tests-windows.yml | 2 +- .github/workflows/e2e-tests.yml | 8 ++++---- .github/workflows/load-tests.yml | 4 ++-- .github/workflows/prepare-release.yml | 2 +- .../workflows/prometheus-compliance-tests.yml | 2 +- .github/workflows/scoped-test.yaml | 2 +- .github/workflows/telemetrygen.yml | 6 +++--- .github/workflows/tidy-dependencies.yml | 2 +- 15 files changed, 31 insertions(+), 31 deletions(-) diff --git a/.github/workflows/build-and-test-arm.yml b/.github/workflows/build-and-test-arm.yml index b038cc225e54..317887c65c2d 100644 --- a/.github/workflows/build-and-test-arm.yml +++ b/.github/workflows/build-and-test-arm.yml @@ -50,7 +50,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "~1.22.5" + go-version: "~1.22.11" cache: false - name: Cache Go id: go-cache diff --git a/.github/workflows/build-and-test-darwin.yaml b/.github/workflows/build-and-test-darwin.yaml index 6ae971b84192..3235c05491ea 100644 --- a/.github/workflows/build-and-test-darwin.yaml +++ b/.github/workflows/build-and-test-darwin.yaml @@ -29,7 +29,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "~1.22.5" + go-version: "~1.22.11" cache: false - name: Cache Go id: go-cache @@ -70,7 +70,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "~1.22.5" + go-version: "~1.22.11" cache: false - name: Install Tools if: steps.go-cache.outputs.cache-hit != 'true' diff --git a/.github/workflows/build-and-test-windows.yml b/.github/workflows/build-and-test-windows.yml index b4d56ec35f48..ddeea4ae4dbc 100644 --- a/.github/workflows/build-and-test-windows.yml +++ b/.github/workflows/build-and-test-windows.yml @@ -59,7 +59,7 @@ jobs: run: Install-WindowsFeature -name Web-Server -IncludeManagementTools - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-mod-cache diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index d830458da194..829198d25e0f 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -26,7 +26,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache @@ -94,7 +94,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache @@ -164,7 +164,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache @@ -188,7 +188,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache @@ -246,7 +246,7 @@ jobs: strategy: fail-fast: false matrix: - go-version: ["1.23.0", "1.22.8"] # 1.20 is interpreted as 1.2 without quotes + go-version: ["1.23.0", "1.22.11"] # 1.20 is interpreted as 1.2 without quotes runner: [ubuntu-24.04] group: - receiver-0 @@ -363,7 +363,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache @@ -402,7 +402,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache @@ -429,7 +429,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache @@ -501,7 +501,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache @@ -551,7 +551,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Mkdir bin and dist run: | diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 50efb4040a6d..f63252da003a 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -35,7 +35,7 @@ jobs: fetch-depth: 0 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache diff --git a/.github/workflows/check-codeowners.yaml b/.github/workflows/check-codeowners.yaml index d700b1dc5b06..f7763b7c1e41 100644 --- a/.github/workflows/check-codeowners.yaml +++ b/.github/workflows/check-codeowners.yaml @@ -30,7 +30,7 @@ jobs: - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go Tools diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8d4883c3dd11..e536e4616a6b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -24,7 +24,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false # Initializes the CodeQL tools for scanning. diff --git a/.github/workflows/e2e-tests-windows.yml b/.github/workflows/e2e-tests-windows.yml index 69b3f8ac8027..91fe3648e2fb 100644 --- a/.github/workflows/e2e-tests-windows.yml +++ b/.github/workflows/e2e-tests-windows.yml @@ -118,7 +118,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v5 with: - go-version: ~1.22.8 + go-version: ~1.22.11 cache: false - name: Cache Go uses: actions/cache@v4 diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 7eb204dff8fe..c355b0cfc179 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache @@ -57,7 +57,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache @@ -89,7 +89,7 @@ jobs: uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache @@ -137,7 +137,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache diff --git a/.github/workflows/load-tests.yml b/.github/workflows/load-tests.yml index 03ddfe36bfed..7b575ee0ee1e 100644 --- a/.github/workflows/load-tests.yml +++ b/.github/workflows/load-tests.yml @@ -28,7 +28,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache @@ -67,7 +67,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index f0f5e86f3d22..38519c18178f 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -26,7 +26,7 @@ jobs: path: opentelemetry-collector-contrib - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Prepare release for contrib working-directory: opentelemetry-collector-contrib diff --git a/.github/workflows/prometheus-compliance-tests.yml b/.github/workflows/prometheus-compliance-tests.yml index 4d46370937b8..721da837bc08 100644 --- a/.github/workflows/prometheus-compliance-tests.yml +++ b/.github/workflows/prometheus-compliance-tests.yml @@ -31,7 +31,7 @@ jobs: path: opentelemetry-collector-contrib - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache diff --git a/.github/workflows/scoped-test.yaml b/.github/workflows/scoped-test.yaml index d0139df299f8..9b755d2fe661 100644 --- a/.github/workflows/scoped-test.yaml +++ b/.github/workflows/scoped-test.yaml @@ -46,7 +46,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Try to restore go-cache diff --git a/.github/workflows/telemetrygen.yml b/.github/workflows/telemetrygen.yml index b80245e3c62f..995598aae371 100644 --- a/.github/workflows/telemetrygen.yml +++ b/.github/workflows/telemetrygen.yml @@ -28,7 +28,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache @@ -67,7 +67,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache @@ -112,7 +112,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache diff --git a/.github/workflows/tidy-dependencies.yml b/.github/workflows/tidy-dependencies.yml index a35e5c882ed1..6ec52ee6c179 100644 --- a/.github/workflows/tidy-dependencies.yml +++ b/.github/workflows/tidy-dependencies.yml @@ -21,7 +21,7 @@ jobs: ref: ${{ github.head_ref }} - uses: actions/setup-go@v5 with: - go-version: "1.22.8" + go-version: "1.22.11" cache: false - name: Cache Go id: go-cache