update to go1.23.1, go1.22.7

- https://github.com/golang/go/issues?q=milestone%3AGo1.23.1+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.23.0...go1.23.1 These minor releases include 3 security fixes following the security policy: - go/parser: stack exhaustion in all Parse* functions Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. This is CVE-2024-34155 and Go issue https://go.dev/issue/69138. - encoding/gob: stack exhaustion in Decoder.Decode Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Thanks to Md Sakib Anwar of The Ohio State University for reporting this issue. This is CVE-2024-34156 and Go issue https://go.dev/issue/69139. - go/build/constraint: stack exhaustion in Parse Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. This is CVE-2024-34158 and Go issue https://go.dev/issue/69141. View the release notes for more information: https://go.dev/doc/devel/release#go1.23.1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-06 16:12:28 +02:00 · 2024-09-06 16:12:28 +02:00 · 9037069da8
commit 9037069da8
parent e013322eed
9 changed files with 10 additions and 10 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -12,7 +12,7 @@
 	"features": {
 		"ghcr.io/devcontainers/features/docker-in-docker:2": {},
 		"ghcr.io/devcontainers/features/go:1": {
-			"version": "1.23.0"
+			"version": "1.23.1"
 		}
 	},

--- a/.github/actions/install-go/action.yml
+++ b/.github/actions/install-go/action.yml
@ -3,7 +3,7 @@ description: "Reusable action to install Go, so there is one place to bump Go ve
 inputs:
  go-version:
    required: true
-    default: "1.23.0"
+    default: "1.23.1"
    description: "Go version to install"

 runs:
--- a/.github/workflows/api-release.yml
+++ b/.github/workflows/api-release.yml
@ -6,7 +6,7 @@ on:
 name: API Release

 env:
-  GO_VERSION: "1.23.0"
+  GO_VERSION: "1.23.1"

 permissions: # added using https://github.com/step-security/secure-workflows
  contents: read
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -191,7 +191,7 @@ jobs:
    strategy:
      matrix:
        os: [ubuntu-22.04, ubuntu-24.04, actuated-arm64-4cpu-16gb, macos-12, windows-2019, windows-2022]
-        go-version: ["1.22.6", "1.23.0"]
+        go-version: ["1.22.7", "1.23.1"]
        exclude:
          - os: ${{ github.repository != 'containerd/containerd' && 'actuated-arm64-4cpu-16gb' }}
    steps:
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -13,7 +13,7 @@ on:
 name: Release

 env:
-  GO_VERSION: "1.23.0"
+  GO_VERSION: "1.23.1"

 permissions: # added using https://github.com/step-security/secure-workflows
  contents: read
--- a/2
+++ b/2
@ -104,7 +104,7 @@ EOF
  config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
    sh.upload_path = "/tmp/vagrant-install-golang"
    sh.env = {
-        'GO_VERSION': ENV['GO_VERSION'] || "1.23.0",
+        'GO_VERSION': ENV['GO_VERSION'] || "1.23.1",
    }
    sh.inline = <<~SHELL
        #!/usr/bin/env bash
--- a/contrib/Dockerfile.test
+++ b/contrib/Dockerfile.test
@ -29,7 +29,7 @@
 #   docker run --privileged containerd-test
 # ------------------------------------------------------------------------------

-ARG GOLANG_VERSION=1.23.0
+ARG GOLANG_VERSION=1.23.1
 ARG GOLANG_IMAGE=golang

 FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang
--- a/contrib/fuzz/oss_fuzz_build.sh
+++ b/contrib/fuzz/oss_fuzz_build.sh
@ -43,11 +43,11 @@ go run main.go --target_dir $SRC/containerd/images

 apt-get update && apt-get install -y wget
 cd $SRC
-wget --quiet https://go.dev/dl/go1.23.0.linux-amd64.tar.gz
+wget --quiet https://go.dev/dl/go1.23.1.linux-amd64.tar.gz

 mkdir temp-go
 rm -rf /root/.go/*
-tar -C temp-go/ -xzf go1.23.0.linux-amd64.tar.gz
+tar -C temp-go/ -xzf go1.23.1.linux-amd64.tar.gz
 mv temp-go/go/* /root/.go/
 cd $SRC/containerd

--- a/script/setup/prepare_env_windows.ps1
+++ b/script/setup/prepare_env_windows.ps1
@ -5,7 +5,7 @@
 # lived test environment.
 Set-MpPreference -DisableRealtimeMonitoring:$true

-$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.23.0"; make = ""; nssm = "" }
+$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.23.1"; make = ""; nssm = "" }

 Write-Host "Downloading chocolatey package"
 curl.exe -L "https://packages.chocolatey.org/chocolatey.0.10.15.nupkg" -o 'c:\choco.zip'