You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@beam.apache.org by da...@apache.org on 2023/12/13 12:40:58 UTC
(beam) 01/01: Upgrade go version to resolve vulnerabilities
This is an automated email from the ASF dual-hosted git repository.
damccorm pushed a commit to branch users/damccorm/goVersion
in repository https://gitbox.apache.org/repos/asf/beam.git
commit 1516cbd2c42b180a5e0d458e3d7a65abee21ad82
Author: Danny McCormick <da...@google.com>
AuthorDate: Wed Dec 13 07:40:43 2023 -0500
Upgrade go version to resolve vulnerabilities
---
CHANGES.md | 2 +-
buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 70ce1a70b7e..cf7ef0d4db0 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -81,7 +81,7 @@
## Breaking Changes
-* X behavior was changed ([#X](https://github.com/apache/beam/issues/X)).
+* Upgraded to go 1.21.5 to build, fixing [CVE-2023-45285](https://security-tracker.debian.org/tracker/CVE-2023-45285) and [CVE-2023-39326](https://security-tracker.debian.org/tracker/CVE-2023-39326)
## Deprecations
diff --git a/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy b/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy
index b5465442a1d..82ab2593cb6 100644
--- a/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy
+++ b/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy
@@ -2205,7 +2205,7 @@ class BeamModulePlugin implements Plugin<Project> {
def goRootDir = "${project.rootDir}/sdks/go"
// This sets the whole project Go version.
- project.ext.goVersion = "go1.21.4"
+ project.ext.goVersion = "go1.21.5"
// Minor TODO: Figure out if we can pull out the GOCMD env variable after goPrepare script
// completion, and avoid this GOBIN substitution.