Fixing CVE issues by bumping GO and Text versions. #173
Conversation
go.sum
Outdated
| @@ -25,14 +25,11 @@ golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLL | |||
| golang.org/x/net v0.0.0-20210716203947-853a461950ff h1:j2EK/QoxYNBsXI4R7fQkkRUk8y6wnOBI+6hgPdP/6Ds= | |||
There was a problem hiding this comment.
This file is auto-generated.
| @@ -1,15 +1,23 @@ | |||
| module github.com/aws/aws-xray-daemon | |||
There was a problem hiding this comment.
I changed the GO and golang.org/x/text version manually. The other changes were auto-generated by go mod tidy. That includes the additional require block.
|
| @@ -1,15 +1,23 @@ | |||
| module github.com/aws/aws-xray-daemon | |||
|
|
|||
| go 1.16 | |||
| go 1.18 | |||
There was a problem hiding this comment.
In order to affect the version of Golang used in the Docker images, we need to update the version of the Golang base image in the Dockerfiles:
- https://github.com/aws/aws-xray-daemon/blob/master/Dockerfile.amazonlinux#L2
- https://github.com/aws/aws-xray-daemon/blob/master/Dockerfile#L2
And we should bump the version of Go we use in the CI/CD too probably, e.g.
There was a problem hiding this comment.
Good catch. That was off my radar.
go.mod
Outdated
| golang.org/x/net v0.0.0-20210716203947-853a461950ff | ||
| golang.org/x/sys v0.0.0-20210423082822-04245dca01da |
There was a problem hiding this comment.
Can we bump the net and sys packages to latest as well?
Updating the Go version
|
|
Issue #, if available:
Internally tracked
Description of changes:
Bumping GO to version 1.18.
Bumping golang.org/x/text to v0.3.7
Bumping golang.org/x/net to v0.0.0-20220809184613-07c6da5e1ced
Bumping golang.org/x/sys to v0.0.0-20220808155132-1c4a2a72c664
Testing
Ran 'make test'.
Ran the code in Docker. Validated that the container was running.