github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
10,557 Commits 3 Branches 4 Tags
2c6760005c059f8ebb8bbc1a4e39284e55f79024
Commit Graph

7 Commits

Author SHA1 Message Date
Sebastiaan van Stijn
dbdf50cc09 update golang to 1.18.1, 1.17.9 
go1.18.1 (released 2022-04-12) includes security fixes to the crypto/elliptic,
crypto/x509, and encoding/pem packages, as well as bug fixes to the compiler,
linker, runtime, the go command, vet, and the bytes, crypto/x509, and go/types
packages. See the Go 1.18.1 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.18.1+label%3ACherryPickApproved

Includes fixes for:

- CVE-2022-24675 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675)
- CVE-2022-27536 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27536)
- CVE-2022-28327 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327)

go1.17.9 (released 2022-04-12) includes security fixes to the crypto/elliptic
and encoding/pem packages, as well as bug fixes to the linker and runtime. See
the Go 1.17.9 milestone on the issue tracker for details:

Includes fixes for:

- CVE-2022-24675 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675)
- CVE-2022-28327 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-04-19 09:39:10 +02:00
Kazuyoshi Kato
a19ad9bb6f Use Go 1.18 to build and test containerd 
Go 1.18 is released. Go 1.16 is no longer supported by the Go team.
golangci-lint is updated since 1.44.2 doesn't support Go 1.18.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2022-03-18 16:48:25 +00:00
Sebastiaan van Stijn
e0a6f9c7d0 update to go 1.16.15, 1.17.8 to address CVE-2022-24921 
Addresses [CVE-2022-24921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921)

go 1.16.15
--------------------

go1.16.15 (released 2022-03-03) includes a security fix to the regexp/syntax package,
as well as bug fixes to the compiler, runtime, the go command, and to the net package.
See the Go 1.16.15 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.15+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.16.14...go1.16.15

go 1.17.8
--------------------

go1.17.8 (released 2022-03-03) includes a security fix to the regexp/syntax package,
as well as bug fixes to the compiler, runtime, the go command, and the crypto/x509,
and net packages. See the Go 1.17.8 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.8+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.17.7...go1.17.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-03-04 16:53:51 +01:00
Sebastiaan van Stijn
f261498e0e Update Go to 1.16.14, 1.17.7 
Includes security fixes for crypto/elliptic (CVE-2022-23806), math/big (CVE-2022-23772),
and cmd/go (CVE-2022-23773).

go1.17.7 (released 2022-02-10) includes security fixes to the crypto/elliptic,
math/big packages and to the go command, as well as bug fixes to the compiler,
linker, runtime, the go command, and the debug/macho, debug/pe, and net/http/httptest
packages. See the Go 1.17.7 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.7+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.17.6...go1.17.7

Update Go to 1.17.6

go1.17.6 (released 2022-01-06) includes fixes to the compiler, linker, runtime,
and the crypto/x509, net/http, and reflect packages. See the Go 1.17.6 milestone
on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.6+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-02-15 16:28:23 +01:00
Kazuyoshi Kato
8c194d8f3d gha: run CodeQL scan on pull requests 
CodeQL should run on pull requests to avoid post-merge surprises.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2022-01-10 11:28:32 -08:00
Phil Estes
0207b7ff0e Enable running CodeQL on PRs that modify Action 
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2020-05-15 12:51:48 -04:00
Justin Hutchings
1a06884f18 Add CodeQL Analysis workflow 
Signed-off-by: Justin Hutchings <jhutchings1@github.com>
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2020-05-15 10:15:46 -04:00