github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
10,410 Commits 3 Branches 4 Tags
16fbbaeeea0b791ccb11442aa59087dc69d5c23f
Commit Graph

6 Commits

Author SHA1 Message Date
Kazuyoshi Kato
a19ad9bb6f Use Go 1.18 to build and test containerd 
Go 1.18 is released. Go 1.16 is no longer supported by the Go team.
golangci-lint is updated since 1.44.2 doesn't support Go 1.18.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2022-03-18 16:48:25 +00:00
Sebastiaan van Stijn
e0a6f9c7d0 update to go 1.16.15, 1.17.8 to address CVE-2022-24921 
Addresses [CVE-2022-24921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921)

go 1.16.15
--------------------

go1.16.15 (released 2022-03-03) includes a security fix to the regexp/syntax package,
as well as bug fixes to the compiler, runtime, the go command, and to the net package.
See the Go 1.16.15 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.15+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.16.14...go1.16.15

go 1.17.8
--------------------

go1.17.8 (released 2022-03-03) includes a security fix to the regexp/syntax package,
as well as bug fixes to the compiler, runtime, the go command, and the crypto/x509,
and net packages. See the Go 1.17.8 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.8+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.17.7...go1.17.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-03-04 16:53:51 +01:00
Sebastiaan van Stijn
f261498e0e Update Go to 1.16.14, 1.17.7 
Includes security fixes for crypto/elliptic (CVE-2022-23806), math/big (CVE-2022-23772),
and cmd/go (CVE-2022-23773).

go1.17.7 (released 2022-02-10) includes security fixes to the crypto/elliptic,
math/big packages and to the go command, as well as bug fixes to the compiler,
linker, runtime, the go command, and the debug/macho, debug/pe, and net/http/httptest
packages. See the Go 1.17.7 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.7+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.17.6...go1.17.7

Update Go to 1.17.6

go1.17.6 (released 2022-01-06) includes fixes to the compiler, linker, runtime,
and the crypto/x509, net/http, and reflect packages. See the Go 1.17.6 milestone
on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.6+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-02-15 16:28:23 +01:00
Kazuyoshi Kato
8c194d8f3d gha: run CodeQL scan on pull requests 
CodeQL should run on pull requests to avoid post-merge surprises.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2022-01-10 11:28:32 -08:00
Phil Estes
0207b7ff0e Enable running CodeQL on PRs that modify Action 
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2020-05-15 12:51:48 -04:00
Justin Hutchings
1a06884f18 Add CodeQL Analysis workflow 
Signed-off-by: Justin Hutchings <jhutchings1@github.com>
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2020-05-15 10:15:46 -04:00