Update to Go 1.23 and bump golang.org/x/crypto v0.36.0 #6060
Conversation
|
Ephemeral COPR build failed. @containers/packit-build please check. |
|
@Luap99 Line 97 in .packit.yaml needs to be adjusted as well. Only do x86_64 arches over there. That will make the f40 testing-farm and rpm build job go away. |
|
@nalind @TomSweeneyRedHat PTAL |
| - fedora-latest-stable-x86_64 | ||
| - fedora-latest-stable-aarch64 | ||
| - fedora-development-x86_64 | ||
| - fedora-development-aarch64 |
There was a problem hiding this comment.
If the goal is to revert the targets changes in the file, a comment saying saying that we’d prefer to use fedora-all-… and that we are restricting F40 because of Go 1.22 would be nice (in both places).
There was a problem hiding this comment.
LGTM otherwise — or if @lsm5 doesn’t think the comments are needed, please merge as is.
LGTM. I won't block on this. While commenting is surely nice, I'm guilty of not doing this in packit config myself. And we can switch back to fedora-all in about 2 months. Besides, I wonder how many people besides upstream maintainers and ones doing CI even care.
Looks like the branch needs a rebase though.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: lsm5, Luap99 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
It really doesn't, there is no merge conflict here. If I have to rebase every time something unrelated merges we never get stuff in timely and waste a bunch of time rebasing. |
Sure, but IIRC, out-of-date branches are blocked from merge on buildah for whatever reason. I noticed that in #5885 at least and I don't remember any conflicts there. But I'll wait for @nalind / @flouthoc to give a slash-lgtm and see if things are different this time. |
|
I'm not aware of a mechanical requirement for rebasing when a PR is out of date, unless there's a merge conflict. |
Looks like you have set this on here so github will block the merge, not sure if the openshift merge bot can merge regardless. |
Oh well, so much to paying attention to buildah CI. Nobody seemed to have noticed that F40 is not tested, anyway now that we bumpt to go 1.23 we can no longer build on it until go 1.23 is shipped on f40 which might still take a few weeks. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This also bumps us to go 1.23 as minimum supported version. Fixes: CVE-2025-22869 Fixes: https://issues.redhat.com/browse/RHEL-82771 Fixes: https://issues.redhat.com/browse/RHEL-81310 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
go 1.22 is to old, once F40 is updated to go 1.23 we can revert this. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
The bot evidently bypasses this (though I could've sworn we configured it to pay attention to branch protection rules a while back) — we've had merge commits within the last week. |
|
The openshift bot is only configured to block on "Total Success" in its config file. However I have seen inconstant results between github merge protection and the bot so honestly I don't even know what the expected behavior around it actually is. |
What type of PR is this?
What this PR does / why we need it:
How to verify it
Which issue(s) this PR fixes:
Fixes: CVE-2025-22869
Fixes: https://issues.redhat.com/browse/RHEL-82771
Fixes: https://issues.redhat.com/browse/RHEL-81310
Special notes for your reviewer:
Does this PR introduce a user-facing change?