chore: upgrade to go1.22.4 and standard libraries #517

lvrach · 2024-06-05T06:46:51Z

Description

Addressing:

Vulnerability #1: GO-2024-2887
    Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in
    net/netip
  More info: https://pkg.go.dev/vuln/GO-2024-2887
  Standard library
    Found in: net/netip@go1.22.3
    Fixed in: net/netip@go1.22.4
    Example traces found:
      #1: stats/internal/otel/prometheus/exporter.go:113:27: prometheus.collector.Collect calls sync.Once.Do, which eventually calls netip.Addr.IsLoopback
      #2: stats/internal/otel/prometheus/exporter.go:113:27: prometheus.collector.Collect calls sync.Once.Do, which eventually calls netip.Addr.IsMulticast

Linear Ticket

Resolves PIPE-1164

Security

The code changed/added as part of this pull request won't create any security issues with how the software is being used.

chore: upgrade to go1.22.4 and standard libraries

29978e2

lvrach requested review from fracasula, mihir20, BonapartePC and achettyiitr June 5, 2024 06:47

lvrach enabled auto-merge (squash) June 5, 2024 06:49

mihir20 approved these changes Jun 5, 2024

View reviewed changes

achettyiitr approved these changes Jun 5, 2024

View reviewed changes

lvrach merged commit 3283a98 into main Jun 5, 2024
11 checks passed

lvrach deleted the chore.upgrade-go branch June 5, 2024 06:57

devops-github-rudderstack mentioned this pull request Jun 5, 2024

chore: release 0.34.2 #510

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: upgrade to go1.22.4 and standard libraries #517

chore: upgrade to go1.22.4 and standard libraries #517

lvrach commented Jun 5, 2024

chore: upgrade to go1.22.4 and standard libraries #517

chore: upgrade to go1.22.4 and standard libraries #517

Conversation

lvrach commented Jun 5, 2024

Description

Linear Ticket

Security