Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade golang from 1.22.4 to 1.23 in codegen #5138

Merged
merged 1 commit into from
Aug 15, 2024

Conversation

caniszczyk
Copy link
Contributor

snyk-top-banner

Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • tool/codegen/Dockerfile

We recommend upgrading to golang:1.23, as this image has only 89 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
critical severity Link Following
SNYK-DEBIAN12-GIT-6846203
  500  
critical severity Link Following
SNYK-DEBIAN12-GIT-6846203
  500  
critical severity Integer Overflow or Wraparound
SNYK-DEBIAN12-ZLIB-6008963
  500  
low severity CVE-2024-37370
SNYK-DEBIAN12-KRB5-7411314
  364  
low severity CVE-2024-37371
SNYK-DEBIAN12-KRB5-7411315
  364  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@t-kikuc t-kikuc changed the title [Snyk] Security upgrade golang from 1.22.4 to 1.23 [Snyk] Security upgrade golang from 1.22.4 to 1.23 in codegen Aug 15, 2024
@t-kikuc t-kikuc force-pushed the snyk-fix-1bcf5ec3f638e999b3f3a4fd31762f74 branch from b8aaa26 to e8e11b3 Compare August 15, 2024 06:04
Copy link
Member

@t-kikuc t-kikuc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The result of make gen/code did not change.

@t-kikuc t-kikuc enabled auto-merge (squash) August 15, 2024 06:04
@t-kikuc t-kikuc merged commit 0a231c5 into master Aug 15, 2024
21 of 23 checks passed
@t-kikuc t-kikuc deleted the snyk-fix-1bcf5ec3f638e999b3f3a4fd31762f74 branch August 15, 2024 06:07
Copy link

codecov bot commented Aug 15, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 22.80%. Comparing base (c383b7c) to head (e8e11b3).
Report is 1 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #5138      +/-   ##
==========================================
+ Coverage   22.78%   22.80%   +0.02%     
==========================================
  Files         412      412              
  Lines       43827    43827              
==========================================
+ Hits         9986     9996      +10     
+ Misses      33053    33044       -9     
+ Partials      788      787       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions github-actions bot mentioned this pull request Aug 26, 2024
This was referenced Sep 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants