Update deps required to build with go1.24-27093581 #814

Merged: 4 commits, Nov 22, 2024

dveeden (Contributor) commented Aug 19, 2024

What problem does this PR solve?

Issue Number: close #813 ref #819

Also resolves https://github.com/pingcap/tidb-tools/security/dependabot/28

What is changed and how it works?

Check List

Tests

  • Manual test (add detailed scripts or steps below)

@wuhuizuo
Contributor

See the beautiful fix in tidb.
The fix is more elegant. The main thing here is to update the version of the tidb dependency. This change is forward compatible with the golang version: the runtime.Version() method exists at least in go 1.0.0.

go.mod Outdated
go.etcd.io/etcd/client/v3 v3.5.12
go.etcd.io/etcd/tests/v3 v3.5.12
go.uber.org/atomic v1.11.0
go.uber.org/zap v1.27.0
google.golang.org/grpc v1.62.1
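
Review bot: the last line of this go.mod region, google.golang.org/grpc v1.62.1, has no stated reason in the PR description, where "What is changed and how it works?" is left empty, so a reader cannot tell whether a grpc version change is needed for the go1.24 build fix or for the linked Dependabot alert. List each module whose version moves and why in the description, or keep this PR to the modules the build fix needs.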
Contributor

Should we upgrade it in another PR? Also for github.com/BurntSushi/toml.

Contributor Author

So for grpc and toml you want separate PRs?

Contributor

Yes, I recommend keeping it single-purpose.


dveeden (Contributor Author) commented Aug 20, 2024

dvaneeden@dve-carbon:~/dev/pingcap/tidb-tools$ govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2024-2918
    Azure Identity Libraries Elevation of Privilege Vulnerability in
    github.com/Azure/azure-sdk-for-go/sdk/azidentity
  More info: https://pkg.go.dev/vuln/GO-2024-2918
  Module: github.com/Azure/azure-sdk-for-go/sdk/azidentity
    Found in: github.com/Azure/azure-sdk-for-go/sdk/[email protected]
    Fixed in: github.com/Azure/azure-sdk-for-go/sdk/[email protected]
    Example traces found:
      #1: pkg/utils/util.go:50:30: utils.GetJSON calls ioutil.ReadAll, which eventually calls azidentity.ClientSecretCredential.GetToken

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.
Use '-show verbose' for more details.
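
The scan above distinguishes a vulnerability the code calls from one that is only present in a required module. As an added example (not part of this PR or of tidb-tools), the Go program below reads a `govulncheck -json` message stream and records that distinction per OSV id, so a CI job can fail only on called symbols. The `triage` function, the sample stream, the `GO-0000-0000` id and `example.com/placeholder` are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// finding: subset of a `govulncheck -json` finding; Trace[0] is the vulnerable frame.
type finding struct {
	OSV   string `json:"osv"`
	Trace []struct{ Module, Package, Function string } `json:"trace"`
}

// Constructed sample stream: the OSV id from the scan above plus a placeholder id.
const sample = `{"config": {}}
{"finding": {"osv": "GO-2024-2918", "trace": [{"module": "github.com/Azure/azure-sdk-for-go/sdk/azidentity"}]}}
{"finding": {"osv": "GO-2024-2918", "trace": [{"module": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", "package": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", "function": "GetToken"}, {"module": "github.com/pingcap/tidb-tools", "package": "github.com/pingcap/tidb-tools/pkg/utils", "function": "GetJSON"}]}}
{"finding": {"osv": "GO-0000-0000", "trace": [{"module": "example.com/placeholder"}]}}
`

// triage maps each OSV id to its strongest evidence: symbol (called) > package (imported) > module (required).
func triage(r io.Reader) (map[string]string, error) {
	rank := map[string]int{"module": 1, "package": 2, "symbol": 3}
	out := map[string]string{}
	for dec := json.NewDecoder(r); ; {
		var m struct{ Finding *finding }
		if err := dec.Decode(&m); err == io.EOF {
			return out, nil
		} else if err != nil {
			return nil, err // truncated or malformed stream: fail closed
		}
		if f := m.Finding; f != nil && len(f.Trace) > 0 {
			level := "module"
			if f.Trace[0].Function != "" {
				level = "symbol"
			} else if f.Trace[0].Package != "" {
				level = "package"
			}
			if rank[level] > rank[out[f.OSV]] {
				out[f.OSV] = level
			}
		}
	}
}

func main() {
	fmt.Println(triage(strings.NewReader(sample)))
}
```

Against a real checkout the input would come from `govulncheck -json ./...` on standard input instead of the embedded sample.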

This was referenced Nov 21, 2024
@ti-chi-bot ti-chi-bot bot added the lgtm label Nov 22, 2024

ti-chi-bot bot commented Nov 22, 2024

[LGTM Timeline notifier]

Timeline:

  • 2024-11-22 14:01:46.482087904 +0000 UTC m=+213094.101742420: ☑️ agreed by Defined2014.

@ti-chi-bot ti-chi-bot bot added the approved label Nov 22, 2024
@Defined2014 Defined2014 requested a review from mjonss November 22, 2024 14:02

ti-chi-bot bot commented Nov 22, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Defined2014, mjonss

@ti-chi-bot ti-chi-bot bot merged commit c85ad9c into pingcap:master Nov 22, 2024
4 of 5 checks passed
Successfully merging this pull request may close these issues.

sync_diff_inspector: doesn't build with gotip