bump go 1.19.4

$ govulncheck ./... govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback. Scanning for dependencies with known vulnerabilities... Found 1 known vulnerability. Vulnerability #1: GO-2022-1144 An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. Call stacks in your code: tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls golang.org/x/net/http2.ConfigureServer$1 Found in: golang.org/x/net/http2@v0.2.0 Fixed in: golang.org/x/net/http2@v1.19.4 More info: https://pkg.go.dev/vuln/GO-2022-1144 Vulnerability #2: GO-2022-1144 An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. Call stacks in your code: contrib/lock/storage/storage.go:106:28: go.etcd.io/etcd/v3/contrib/lock/storage.main calls net/http.ListenAndServe contrib/raftexample/httpapi.go:113:31: go.etcd.io/etcd/v3/contrib/raftexample.serveHTTPKVAPI$1 calls net/http.Server.ListenAndServe tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls net/http.Serve tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls net/http.Server.Serve Found in: net/http@go1.19.3 Fixed in: net/http@go1.19.4 More info: https://pkg.go.dev/vuln/GO-2022-1144 Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-09 07:39:57 +08:00 · 2022-12-09 07:39:57 +08:00 · dccc21bb69
parent dc9e422e28
commit dccc21bb69
15 changed files with 15 additions and 15 deletions
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@ -22,7 +22,7 @@ jobs:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v2
        with:
-          go-version: "1.19.3"
+          go-version: "1.19.4"
      - env:
          TARGET: ${{ matrix.target }}
        run: |
--- a/.github/workflows/contrib.yaml
+++ b/.github/workflows/contrib.yaml
@ -8,5 +8,5 @@ jobs:
    - uses: actions/checkout@v2
    - uses: actions/setup-go@v2
      with:
-        go-version: "1.19.3"
+        go-version: "1.19.4"
    - run: make -C contrib/mixin tools test
--- a/.github/workflows/coverage.yaml
+++ b/.github/workflows/coverage.yaml
@ -13,7 +13,7 @@ jobs:
    - uses: actions/checkout@v2
    - uses: actions/setup-go@v2
      with:
-        go-version: "1.19.3"
+        go-version: "1.19.4"
    - env:
        TARGET: ${{ matrix.target }}
      run: |
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@ -14,7 +14,7 @@ jobs:
    - uses: actions/checkout@v2
    - uses: actions/setup-go@v2
      with:
-        go-version: "1.19.3"
+        go-version: "1.19.4"
    - run: date
    - env:
        TARGET: ${{ matrix.target }}
--- a/.github/workflows/functional.yaml
+++ b/.github/workflows/functional.yaml
@ -13,7 +13,7 @@ jobs:
    - uses: actions/checkout@v2
    - uses: actions/setup-go@v2
      with:
-        go-version: "1.19.3"
+        go-version: "1.19.4"
    - run: date
    - env:
        TARGET: ${{ matrix.target }}
--- a/.github/workflows/fuzzing.yaml
+++ b/.github/workflows/fuzzing.yaml
@ -12,7 +12,7 @@ jobs:
    - uses: actions/checkout@v2
    - uses: actions/setup-go@v2
      with:
-        go-version: "1.19.3"
+        go-version: "1.19.4"
    - run: GOARCH=amd64 CPU=4 make fuzz
    - uses: actions/upload-artifact@v2
      if: failure()
--- a/.github/workflows/govuln.yaml
+++ b/.github/workflows/govuln.yaml
@ -8,6 +8,6 @@ jobs:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v2
        with:
-          go-version: "1.19.3"
+          go-version: "1.19.4"
      - run: date
      - run: go install golang.org/x/vuln/cmd/govulncheck@latest && govulncheck ./...
--- a/.github/workflows/grpcproxy.yaml
+++ b/.github/workflows/grpcproxy.yaml
@ -14,7 +14,7 @@ jobs:
    - uses: actions/checkout@v2
    - uses: actions/setup-go@v2
      with:
-        go-version: "1.19.3"
+        go-version: "1.19.4"
    - run: date
    - env:
        TARGET: ${{ matrix.target }}
--- a/.github/workflows/linearizability-nightly.yaml
+++ b/.github/workflows/linearizability-nightly.yaml
@ -12,7 +12,7 @@ jobs:
    - uses: actions/checkout@v2
    - uses: actions/setup-go@v2
      with:
-        go-version: "1.19.3"
+        go-version: "1.19.4"
    - run: |
        make gofail-enable
        make build
--- a/.github/workflows/linearizability.yaml
+++ b/.github/workflows/linearizability.yaml
@ -8,7 +8,7 @@ jobs:
    - uses: actions/checkout@v2
    - uses: actions/setup-go@v2
      with:
-        go-version: "1.19.3"
+        go-version: "1.19.4"
    - run: |
        make gofail-enable
        make build
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -8,7 +8,7 @@ jobs:
    - uses: actions/checkout@v2
    - uses: actions/setup-go@v2
      with:
-        go-version: "1.19.3"
+        go-version: "1.19.4"
    - run: |
        git config --global user.email "github-action@etcd.io"
        git config --global user.name "Github Action"
--- a/.github/workflows/static-analysis.yaml
+++ b/.github/workflows/static-analysis.yaml
@ -8,7 +8,7 @@ jobs:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v2
        with:
-          go-version: "1.19.3"
+          go-version: "1.19.4"
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@ -17,7 +17,7 @@ jobs:
    - uses: actions/checkout@v2
    - uses: actions/setup-go@v2
      with:
-        go-version: "1.19.3"
+        go-version: "1.19.4"
    - run: date
    - env:
        TARGET: ${{ matrix.target }}
--- a/tests/functional/Dockerfile
+++ b/tests/functional/Dockerfile
@ -13,7 +13,7 @@ RUN dnf check-update || true \
 ENV GOROOT /usr/local/go
 ENV GOPATH /go
 ENV PATH ${GOPATH}/bin:${GOROOT}/bin:${PATH}
-ENV GO_VERSION 1.19.3
+ENV GO_VERSION 1.19.4
 ENV GO_DOWNLOAD_URL https://storage.googleapis.com/golang
 RUN rm -rf ${GOROOT} \
  && curl -s ${GO_DOWNLOAD_URL}/go${GO_VERSION}.linux-amd64.tar.gz | tar -v -C /usr/local/ -xz \
--- a/tests/manual/Makefile
+++ b/tests/manual/Makefile
@ -1,5 +1,5 @@
 TMP_DOCKERFILE:=$(shell mktemp)
-GO_VERSION ?= 1.19.3
+GO_VERSION ?= 1.19.4
 TMP_DIR_MOUNT_FLAG = --tmpfs=/tmp:exec
 ifdef HOST_TMP_DIR
 	TMP_DIR_MOUNT_FLAG = --mount type=bind,source=$(HOST_TMP_DIR),destination=/tmp