chore: go vuln (#1283)
## Description

Bumping the Go version because apparently there was a vulnerability.

(cherry picked from commit abc5163)

# Conflicts:
#	.github/workflows/check-generated.yml
#	.github/workflows/coverage.yml
#	.github/workflows/e2e-manual.yml
#	.github/workflows/e2e-nightly-34x.yml
#	.github/workflows/e2e.yml
#	.github/workflows/fuzz-nightly.yml
#	.github/workflows/govulncheck.yml
#	.github/workflows/pre-release.yml
#	.github/workflows/release-version.yml
#	.github/workflows/release.yml
#	.github/workflows/tests.yml
#	DOCKER/Dockerfile
#	README.md
#	go.mod
#	go.sum
#	scripts/proto-gen.sh
#	test/docker/Dockerfile
#	test/e2e/docker/Dockerfile
evan-forbes authored and mergify[bot] committed Apr 4, 2024
1 parent 0f2855c commit c0afcc7
Showing 18 changed files with 139 additions and 0 deletions.
4 changes: 4 additions & 0 deletions .github/workflows/check-generated.yml
Expand Up @@ -43,7 +43,11 @@ jobs:
steps:
- uses: actions/setup-go@v4
with:
<<<<<<< HEAD
go-version: '1.22'
=======
go-version: "1.22.2"
>>>>>>> abc516304 (chore: go vuln (#1283))

- uses: actions/checkout@v4
with:
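Review bot: The conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> abc516304 (chore: go vuln (#1283))` are committed as file content around `go-version` here, and the same pattern appears in every other file section on this page (the page total is 139 additions and 0 deletions). With the markers in place this workflow is presumably not valid YAML, and go.mod, go.sum and the Dockerfiles would likewise be rejected by their tools, so the Go bump this backport is meant to deliver has not actually taken effect. Each conflict should be resolved to a single line, here `go-version: "1.22.2"`, before the branch is used. A `git diff --check` step in CI would reject leftover markers on future automated cherry-picks.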
14 changes: 14 additions & 0 deletions .github/workflows/coverage.yml
Expand Up @@ -12,7 +12,11 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
<<<<<<< HEAD
go-version: "1.22"
=======
go-version: "1.22.2"
>>>>>>> abc516304 (chore: go vuln (#1283))
- name: Create a file with all the pkgs
run: go list ./... > pkgs.txt
- name: Split pkgs into 4 files
Expand Down Expand Up @@ -48,8 +52,13 @@ jobs:
steps:
- uses: actions/setup-go@v4
with:
<<<<<<< HEAD
go-version: "1.22"
- uses: actions/checkout@v4
=======
go-version: "1.22.2"
- uses: actions/checkout@v3
>>>>>>> abc516304 (chore: go vuln (#1283))
- uses: technote-space/get-diff-action@v6
with:
PATTERNS: |
Expand All @@ -70,8 +79,13 @@ jobs:
steps:
- uses: actions/setup-go@v4
with:
<<<<<<< HEAD
go-version: "1.22"
- uses: actions/checkout@v4
=======
go-version: "1.22.2"
- uses: actions/checkout@v3
>>>>>>> abc516304 (chore: go vuln (#1283))
- uses: technote-space/get-diff-action@v6
with:
PATTERNS: |
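Review bot: The incoming side of the second and third conflicts pairs the Go bump with `- uses: actions/checkout@v3`, while HEAD already has `- uses: actions/checkout@v4`, so resolving by taking the incoming side wholesale would downgrade the action. Keep `actions/checkout@v4` and take only `go-version: "1.22.2"` from the incoming side. The same applies to the conflicts in e2e.yml and tests.yml. Both actions are referenced by mutable tag; pinning them to a full commit SHA would be a separate hardening step.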
4 changes: 4 additions & 0 deletions .github/workflows/e2e-manual.yml
Expand Up @@ -16,7 +16,11 @@ jobs:
steps:
- uses: actions/setup-go@v4
with:
<<<<<<< HEAD
go-version: '1.22'
=======
go-version: '1.22.2'
>>>>>>> abc516304 (chore: go vuln (#1283))

- uses: actions/checkout@v4

4 changes: 4 additions & 0 deletions .github/workflows/e2e-nightly-34x.yml
Expand Up @@ -23,7 +23,11 @@ jobs:
steps:
- uses: actions/setup-go@v4
with:
<<<<<<< HEAD
go-version: '1.22'
=======
go-version: '1.22.2'
>>>>>>> abc516304 (chore: go vuln (#1283))

- uses: actions/checkout@v4
with:
5 changes: 5 additions & 0 deletions .github/workflows/e2e.yml
Expand Up @@ -14,8 +14,13 @@ jobs:
steps:
- uses: actions/setup-go@v4
with:
<<<<<<< HEAD
go-version: '1.22'
- uses: actions/checkout@v4
=======
go-version: '1.22.2'
- uses: actions/checkout@v3
>>>>>>> abc516304 (chore: go vuln (#1283))
- uses: technote-space/get-diff-action@v6
with:
PATTERNS: |
4 changes: 4 additions & 0 deletions .github/workflows/fuzz-nightly.yml
Expand Up @@ -11,7 +11,11 @@ jobs:
steps:
- uses: actions/setup-go@v4
with:
<<<<<<< HEAD
go-version: '1.22'
=======
go-version: '1.22.2'
>>>>>>> abc516304 (chore: go vuln (#1283))

- uses: actions/checkout@v4

21 changes: 21 additions & 0 deletions .github/workflows/govulncheck.yml
Expand Up @@ -10,6 +10,7 @@ on:
branches:
- v[0-9]+.[0-9]+.x-celestia

<<<<<<< HEAD
# TODO: re-enable after figuring out what needs to get fixed or if this is
# handled upstream in main
# jobs:
Expand All @@ -30,3 +31,23 @@ on:
# - name: govulncheck
# run: make vulncheck
# if: "env.GIT_DIFF != ''"
=======
jobs:
govulncheck:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v3
with:
go-version: "1.22.2"
- uses: actions/checkout@v3
- uses: technote-space/get-diff-action@v6
with:
PATTERNS: |
**/*.go
go.mod
go.sum
Makefile
- name: govulncheck
run: make vulncheck
if: "env.GIT_DIFF != ''"
>>>>>>> abc516304 (chore: go vuln (#1283))
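Review bot: Only the incoming side defines the `govulncheck` job; the HEAD side is the commented-out job behind the TODO, so resolving to HEAD leaves the branch with no vulnerability scan even though this change exists because of a Go vulnerability. If the job is enabled, `actions/setup-go@v3` and `actions/checkout@v3` should become `@v4` to match the other workflows on this page. The step is also gated by `if: "env.GIT_DIFF != ''"`, so it presumably runs only when Go or module files change; the `on:` block starts outside the hunk, so whether a scheduled run covers advisories published against unchanged code cannot be seen here.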
4 changes: 4 additions & 0 deletions .github/workflows/pre-release.yml
Expand Up @@ -18,7 +18,11 @@ jobs:

- uses: actions/setup-go@v4
with:
<<<<<<< HEAD
go-version: '1.22'
=======
go-version: '1.22.2'
>>>>>>> abc516304 (chore: go vuln (#1283))

# Similar check to ./release-version.yml, but enforces this when pushing
# tags. The ./release-version.yml check can be bypassed and is mainly
4 changes: 4 additions & 0 deletions .github/workflows/release-version.yml
Expand Up @@ -15,7 +15,11 @@ jobs:

- uses: actions/setup-go@v4
with:
<<<<<<< HEAD
go-version: '1.22'
=======
go-version: '1.22.2'
>>>>>>> abc516304 (chore: go vuln (#1283))

- name: Check version
run: |
4 changes: 4 additions & 0 deletions .github/workflows/release.yml
Expand Up @@ -16,7 +16,11 @@ jobs:

- uses: actions/setup-go@v4
with:
<<<<<<< HEAD
go-version: '1.22'
=======
go-version: '1.22.2'
>>>>>>> abc516304 (chore: go vuln (#1283))

- name: Generate release notes
run: |
9 changes: 9 additions & 0 deletions .github/workflows/tests.yml
Expand Up @@ -25,8 +25,13 @@ jobs:
steps:
- uses: actions/setup-go@v4
with:
<<<<<<< HEAD
go-version: "1.22"
- uses: actions/checkout@v4
=======
go-version: "1.22.2"
- uses: actions/checkout@v3
>>>>>>> abc516304 (chore: go vuln (#1283))
- uses: technote-space/get-diff-action@v6
with:
PATTERNS: |
Expand Down Expand Up @@ -121,7 +126,11 @@ jobs:
# steps:
# - uses: actions/setup-go@v3
# with:
<<<<<<< HEAD
# go-version: "1.22"
=======
# go-version: "1.22.2"
>>>>>>> abc516304 (chore: go vuln (#1283))
# - uses: actions/checkout@v3
# - uses: technote-space/get-diff-action@v6
# with:
4 changes: 4 additions & 0 deletions DOCKER/Dockerfile
@@ -1,6 +1,10 @@
# Use a build arg to ensure that both stages use the same,
# hopefully current, go version.
<<<<<<< HEAD
ARG GOLANG_BASE_IMAGE=golang:1.22-alpine
=======
ARG GOLANG_BASE_IMAGE=golang:1.22.2-alpine
>>>>>>> abc516304 (chore: go vuln (#1283))

# stage 1 Generate CometBFT Binary
FROM --platform=$BUILDPLATFORM $GOLANG_BASE_IMAGE as builder
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -50,7 +50,11 @@ This repo intends on preserving the minimal possible diff with [cometbft/cometbf
- **specific to Celestia**: consider if [celestia-app](https://github.com/celestiaorg/celestia-app) is a better target
- **not specific to Celestia**: consider making the contribution upstream in CometBFT

<<<<<<< HEAD
1. [Install Go](https://go.dev/doc/install) 1.22+
=======
1. [Install Go](https://go.dev/doc/install) 1.22.2+
>>>>>>> abc516304 (chore: go vuln (#1283))
2. Fork this repo
3. Clone your fork
4. Find an issue to work on (see [good first issues](https://github.com/celestiaorg/celestia-core/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22))
16 changes: 16 additions & 0 deletions go.mod
@@ -1,6 +1,10 @@
module github.com/tendermint/tendermint

<<<<<<< HEAD
go 1.22
=======
go 1.22.2
>>>>>>> abc516304 (chore: go vuln (#1283))

require (
github.com/BurntSushi/toml v1.2.1
Expand Down Expand Up @@ -48,10 +52,17 @@ require (
github.com/vektra/mockery/v2 v2.23.1
go.opentelemetry.io/otel v1.24.0
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.18.0
<<<<<<< HEAD
go.opentelemetry.io/otel/sdk v1.24.0
golang.org/x/crypto v0.17.0
golang.org/x/net v0.19.0
gonum.org/v1/gonum v0.12.0
=======
go.opentelemetry.io/otel/sdk v1.21.0
golang.org/x/crypto v0.21.0
golang.org/x/net v0.23.0
gonum.org/v1/gonum v0.8.2
>>>>>>> abc516304 (chore: go vuln (#1283))
google.golang.org/grpc v1.59.0
google.golang.org/protobuf v1.31.0
)
Expand Down Expand Up @@ -283,8 +294,13 @@ require (
golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 // indirect
golang.org/x/mod v0.11.0 // indirect
golang.org/x/sync v0.3.0 // indirect
<<<<<<< HEAD
golang.org/x/sys v0.17.0 // indirect
golang.org/x/term v0.15.0 // indirect
=======
golang.org/x/sys v0.18.0 // indirect
golang.org/x/term v0.18.0 // indirect
>>>>>>> abc516304 (chore: go vuln (#1283))
golang.org/x/text v0.14.0 // indirect
golang.org/x/tools v0.7.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
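Review bot: In the first `require` conflict the incoming side raises `golang.org/x/crypto` to v0.21.0 and `golang.org/x/net` to v0.23.0 but also lists `go.opentelemetry.io/otel/sdk v1.21.0` and `gonum.org/v1/gonum v0.8.2`, both lower than HEAD's v1.24.0 and v0.12.0. Taking that side wholesale would move otel/sdk below the `go.opentelemetry.io/otel v1.24.0` line kept as context just above it. Resolve by keeping the higher version of each module together with `go 1.22.2`, then regenerate go.sum with `go mod tidy` rather than hand-merging its conflict blocks. The require blocks start and end outside the hunks.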
26 changes: 26 additions & 0 deletions go.sum
Expand Up @@ -1008,11 +1008,20 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
<<<<<<< HEAD
golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
=======
golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
>>>>>>> abc516304 (chore: go vuln (#1283))
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
Expand Down Expand Up @@ -1110,9 +1119,15 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
<<<<<<< HEAD
golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
=======
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
>>>>>>> abc516304 (chore: go vuln (#1283))
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
Expand Down Expand Up @@ -1227,8 +1242,13 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
<<<<<<< HEAD
golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
=======
golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
>>>>>>> abc516304 (chore: go vuln (#1283))
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
Expand All @@ -1238,8 +1258,14 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
<<<<<<< HEAD
golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
=======
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
>>>>>>> abc516304 (chore: go vuln (#1283))
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
4 changes: 4 additions & 0 deletions scripts/proto-gen.sh
Expand Up @@ -10,7 +10,11 @@ cd "$(git rev-parse --show-toplevel)"

# Run inside Docker to install the correct versions of the required tools
# without polluting the local system.
<<<<<<< HEAD
docker run --rm -i -v "$PWD":/w --workdir=/w golang:1.22-alpine sh <<"EOF"
=======
docker run --rm -i -v "$PWD":/w --workdir=/w golang:1.22.2-alpine sh <<"EOF"
>>>>>>> abc516304 (chore: go vuln (#1283))
apk add git make
go install github.com/bufbuild/buf/cmd/buf
4 changes: 4 additions & 0 deletions test/docker/Dockerfile
@@ -1,4 +1,8 @@
<<<<<<< HEAD
FROM golang:1.22
=======
FROM golang:1.22.2
>>>>>>> abc516304 (chore: go vuln (#1283))

# Grab deps (jq, hexdump, xxd, killall)
RUN apt-get update && \
4 changes: 4 additions & 0 deletions test/e2e/docker/Dockerfile
@@ -1,7 +1,11 @@
# We need to build in a Linux environment to support C libraries, e.g. RocksDB.
# We use Debian instead of Alpine, so that we can use binary database packages
# instead of spending time compiling them.
<<<<<<< HEAD
FROM golang:1.22-bullseye
=======
FROM golang:1.22.2-bullseye
>>>>>>> abc516304 (chore: go vuln (#1283))

RUN apt-get -qq update -y && apt-get -qq upgrade -y >/dev/null
RUN apt-get -qq install -y libleveldb-dev librocksdb-dev >/dev/null