Skip to content

Commit

Permalink
build: Specify go1.22.2 as toolchain to fix govulncheck issues (#688)
Browse files Browse the repository at this point in the history 
Nix (and therefore devbox) has been slow in rolling out go1.22.2, which
contains CVE fixes. Current version go1.22.1 causes govulncheck to
report valid vulnerabilities in `net/http` package. go1.21 introduced
toolchain management via `go.mod` file with `toolchain` directive. This
commit specifies go1.22.2 as the toolchain to use and hence fixes the
govulncheck issues.

This does mean that go versions have to be managed in multiple places so
this is a stop-gap until Nix releases go1.22.2 to nixpkgs-unstable
channel.
  • Loading branch information
@jimmidyson
jimmidyson authored Apr 17, 2024
1 parent 71a0ae6 commit 32e759b
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ module github.com/mesosphere/mindthegap

go 1.22

toolchain go1.22.2

require (
github.com/aws/aws-sdk-go-v2 v1.26.1
github.com/aws/aws-sdk-go-v2/config v1.27.11
Expand Down

0 comments on commit 32e759b

Please sign in to comment.