From 12756071f120a13f5be9cccb574fe19ae325b7c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Tue, 4 Feb 2025 20:26:31 +0100 Subject: [PATCH] update to go1.23.6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This minor release include 1 security fix following the security policy: - crypto/elliptic: timing sidechannel for P-256 on ppc64le Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols. This is CVE-2025-22866 and Go issue https://go.dev/issue/71383. View the release notes for more information: https://go.dev/doc/devel/release#go1.23.6 Signed-off-by: Paweł Gronowski --- .github/workflows/.test.yml | 2 +- .github/workflows/.windows.yml | 2 +- .github/workflows/arm64.yml | 2 +- .github/workflows/buildkit.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/test.yml | 2 +- .golangci.yml | 2 +- Dockerfile | 2 +- Dockerfile.simple | 2 +- Dockerfile.windows | 2 +- hack/dockerfiles/generate-files.Dockerfile | 2 +- hack/dockerfiles/govulncheck.Dockerfile | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/.test.yml b/.github/workflows/.test.yml index 2203ab7530..20a9abffd3 100644 --- a/.github/workflows/.test.yml +++ b/.github/workflows/.test.yml @@ -21,7 +21,7 @@ on: default: "graphdriver" env: - GO_VERSION: "1.23.5" + GO_VERSION: "1.23.6" GOTESTLIST_VERSION: v0.3.1 TESTSTAT_VERSION: v0.1.25 ITG_CLI_MATRIX_SIZE: 6 diff --git a/.github/workflows/.windows.yml b/.github/workflows/.windows.yml index 2643c7cb1e..611a52c343 100644 --- a/.github/workflows/.windows.yml +++ b/.github/workflows/.windows.yml @@ -28,7 +28,7 @@ on: default: false env: - GO_VERSION: "1.23.5" + GO_VERSION: "1.23.6" GOTESTLIST_VERSION: v0.3.1 TESTSTAT_VERSION: v0.1.25 WINDOWS_BASE_IMAGE: mcr.microsoft.com/windows/servercore diff --git a/.github/workflows/arm64.yml b/.github/workflows/arm64.yml index c6fa14a054..68527c8212 100644 --- a/.github/workflows/arm64.yml +++ b/.github/workflows/arm64.yml @@ -23,7 +23,7 @@ on: pull_request: env: - GO_VERSION: "1.23.5" + GO_VERSION: "1.23.6" TESTSTAT_VERSION: v0.1.25 DESTDIR: ./build SETUP_BUILDX_VERSION: edge diff --git a/.github/workflows/buildkit.yml b/.github/workflows/buildkit.yml index 381eb569e8..878d870b75 100644 --- a/.github/workflows/buildkit.yml +++ b/.github/workflows/buildkit.yml @@ -23,7 +23,7 @@ on: pull_request: env: - GO_VERSION: "1.23.5" + GO_VERSION: "1.23.6" DESTDIR: ./build SETUP_BUILDX_VERSION: edge SETUP_BUILDKIT_IMAGE: moby/buildkit:latest diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 159a36886f..9c7bb9a2b1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -58,7 +58,7 @@ jobs: - name: Update Go uses: actions/setup-go@v5 with: - go-version: "1.23.5" + go-version: "1.23.6" - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2adeabbd5c..bad07ffbfb 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,7 +23,7 @@ on: pull_request: env: - GO_VERSION: "1.23.5" + GO_VERSION: "1.23.6" GIT_PAGER: "cat" PAGER: "cat" SETUP_BUILDX_VERSION: edge diff --git a/.golangci.yml b/.golangci.yml index 181b4e6a0b..69514ad28e 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -23,7 +23,7 @@ linters: run: # prevent golangci-lint from deducting the go version to lint for through go.mod, # which causes it to fallback to go1.17 semantics. - go: "1.23.5" + go: "1.23.6" concurrency: 2 # Only supported with go modules enabled (build flag -mod=vendor only valid when using modules) # modules-download-mode: vendor diff --git a/Dockerfile b/Dockerfile index f6a8d68dea..3946880e00 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1.7 -ARG GO_VERSION=1.23.5 +ARG GO_VERSION=1.23.6 ARG BASE_DEBIAN_DISTRO="bookworm" ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}" ARG XX_VERSION=1.6.1 diff --git a/Dockerfile.simple b/Dockerfile.simple index 76bdcbf999..53fbb35096 100644 --- a/Dockerfile.simple +++ b/Dockerfile.simple @@ -5,7 +5,7 @@ # This represents the bare minimum required to build and test Docker. -ARG GO_VERSION=1.23.5 +ARG GO_VERSION=1.23.6 ARG BASE_DEBIAN_DISTRO="bookworm" ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}" diff --git a/Dockerfile.windows b/Dockerfile.windows index e1a56fd7ba..997dcdce6f 100644 --- a/Dockerfile.windows +++ b/Dockerfile.windows @@ -161,7 +161,7 @@ FROM ${WINDOWS_BASE_IMAGE}:${WINDOWS_BASE_IMAGE_TAG} # Use PowerShell as the default shell SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -ARG GO_VERSION=1.23.5 +ARG GO_VERSION=1.23.6 ARG GOTESTSUM_VERSION=v1.8.2 ARG GOWINRES_VERSION=v0.3.1 ARG CONTAINERD_VERSION=v1.7.25 diff --git a/hack/dockerfiles/generate-files.Dockerfile b/hack/dockerfiles/generate-files.Dockerfile index f7f5c2d8c2..908464f6f0 100644 --- a/hack/dockerfiles/generate-files.Dockerfile +++ b/hack/dockerfiles/generate-files.Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.23.5 +ARG GO_VERSION=1.23.6 ARG BASE_DEBIAN_DISTRO="bookworm" ARG PROTOC_VERSION=3.11.4 diff --git a/hack/dockerfiles/govulncheck.Dockerfile b/hack/dockerfiles/govulncheck.Dockerfile index 22dd325a91..fa1d91ebfb 100644 --- a/hack/dockerfiles/govulncheck.Dockerfile +++ b/hack/dockerfiles/govulncheck.Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.23.5 +ARG GO_VERSION=1.23.6 ARG GOVULNCHECK_VERSION=v1.1.3 ARG FORMAT=text