Go 1.18 is released. Go 1.16 is no longer supported by the Go team.
golangci-lint is updated since 1.44.2 doesn't support Go 1.18.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
Includes security fixes for crypto/elliptic (CVE-2022-23806), math/big (CVE-2022-23772),
and cmd/go (CVE-2022-23773).
go1.17.7 (released 2022-02-10) includes security fixes to the crypto/elliptic,
math/big packages and to the go command, as well as bug fixes to the compiler,
linker, runtime, the go command, and the debug/macho, debug/pe, and net/http/httptest
packages. See the Go 1.17.7 milestone on our issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.17.7+label%3ACherryPickApproved
full diff: https://github.com/golang/go/compare/go1.17.6...go1.17.7
Update Go to 1.17.6
go1.17.6 (released 2022-01-06) includes fixes to the compiler, linker, runtime,
and the crypto/x509, net/http, and reflect packages. See the Go 1.17.6 milestone
on our issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.17.6+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The current Windows CI setup script assumes it will always be run under
the `azureuser` username.
While this username is defined in the Windows CI GitHub action, the
current version of the script both exposes us to a future risk of
breaking should the CI action be changed, and is also unfriendly to
`curl | sh`-ing it for quick test environment setups.
This patch makes the Windows CI setup script work with any username
provided they have administrative privileges.
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
This patch standardizes the capitalization of PowerShell commandlets in
the Windows CI setup script in accordance with general PowerShell best
practices.
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
go1.17.3 (released 2021-11-04) includes security fixes to the archive/zip and
debug/macho packages, as well as bug fixes to the compiler, linker, runtime, the
go command, the misc/wasm directory, and to the net/http and syscall packages.
See the Go 1.17.3 milestone on our issue tracker for details.
From the announcement e-mail:
[security] Go 1.17.3 and Go 1.16.10 are released
We have just released Go versions 1.17.3 and 1.16.10, minor point releases.
These minor releases include two security fixes following the security policy:
- archive/zip: don't panic on (*Reader).Open
Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can be made
to panic by an attacker providing either a crafted ZIP archive containing
completely invalid names or an empty filename argument.
Thank you to Colin Arnott, SiteHost and Noah Santschi-Cooney, Sourcegraph Code
Intelligence Team for reporting this issue. This is CVE-2021-41772 and Go issue
golang.org/issue/48085.
- debug/macho: invalid dynamic symbol table command can cause panic
Malformed binaries parsed using Open or OpenFat can cause a panic when calling
ImportedSymbols, due to an out-of-bounds slice operation.
Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this
issue. This is CVE-2021-41771 and Go issue golang.org/issue/48990.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.17.2 (released 2021-10-07) includes a security fix to the linker and misc/wasm
directory, as well as bug fixes to the compiler, the runtime, the go command, and
to the time and text/template packages. See the Go 1.17.2 milestone on our issue
tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.17.2+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.16.7 (released 2021-08-05) includes a security fix to the net/http/httputil
package, as well as bug fixes to the compiler, the linker, the runtime, the go
command, and the net/http package. See the Go 1.16.7 milestone on the issue
tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.16.7+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
For Periodic Windows runs we installed the latest available golang version.
It seems 1.16.5 is creating problems with go.sum. We now introduce the
ability to install specific versions for required packages when preparing
the testing env.
Signed-off-by: Adelina Tuvenie <atuvenie@cloudbasesolutions.com>
