Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit7f6cefd

Browse files
authored
fix: upgrade to 1.24.6 to fix race in lib/pq queries (#19214) (#19219)
THIS IS A SECURITY FIX - cherry-picks#19214 upgrade to go 1.24.6 to avoidgolang/go#74831(CVE-2025-47907)Also points to a new version of our lib/pq fork that worked around theGo issue, which should restore better performance.
1 parent9df4992 commit7f6cefd

File tree

4 files changed

+6
-6
lines changed

4 files changed

+6
-6
lines changed

‎.github/actions/setup-go/action.yaml‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: |
44
inputs:
55
version:
66
description:"The Go version to use."
7-
default:"1.24.4"
7+
default:"1.24.6"
88
use-preinstalled-go:
99
description:"Whether to use preinstalled Go."
1010
default:"false"

‎dogfood/coder/Dockerfile‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ RUN cargo install jj-cli typos-cli watchexec-cli
1111
FROM ubuntu:jammy@sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631587203f97 AS go
1212

1313
# Install Go manually, so that we can control the version
14-
ARG GO_VERSION=1.24.4
14+
ARG GO_VERSION=1.24.6
1515

1616
# Boring Go is needed to build FIPS-compliant binaries.
1717
RUN apt-get update && \

‎go.mod‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
modulegithub.com/coder/coder/v2
22

3-
go1.24.4
3+
go1.24.6
44

55
// Required until a v3 of chroma is created to lazily initialize all XML files.
66
// None of our dependencies seem to use the registries anyways, so this
@@ -58,7 +58,7 @@ replace github.com/imulab/go-scim/pkg/v2 => github.com/coder/go-scim/pkg/v2 v2.0
5858
// Adds support for a new Listener from a driver.Connector
5959
// This lets us use rotating authentication tokens for passwords in connection strings
6060
// which we use in the awsiamrds package.
61-
replacegithub.com/lib/pq =>github.com/coder/pqv1.10.5-0.20240813183442-0c420cb5a048
61+
replacegithub.com/lib/pq =>github.com/coder/pqv1.10.5-0.20250807075151-6ad9b0a25151
6262

6363
// Removes an init() function that causes terminal sequences to be printed to the web terminal when
6464
// used in conjunction with agent-exec. See https://github.com/coder/coder/pull/15817

‎go.sum‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -912,8 +912,8 @@ github.com/coder/go-scim/pkg/v2 v2.0.0-20230221055123-1d63c1222136 h1:0RgB61LcNs
912912
github.com/coder/go-scim/pkg/v2v2.0.0-20230221055123-1d63c1222136/go.mod h1:VkD1P761nykiq75dz+4iFqIQIZka189tx1BQLOp0Skc=
913913
github.com/coder/gutsv1.5.0 h1:a94apf7xMf5jDdg1bIHzncbRiTn3+BvBZgrFSDbUnyI=
914914
github.com/coder/gutsv1.5.0/go.mod h1:0Sbv5Kp83u1Nl7MIQiV2zmacJ3o02I341bkWkjWXSUQ=
915-
github.com/coder/pqv1.10.5-0.20240813183442-0c420cb5a048 h1:3jzYUlGH7ZELIH4XggXhnTnP05FCYiAFeQpoN+gNR5I=
916-
github.com/coder/pqv1.10.5-0.20240813183442-0c420cb5a048/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
915+
github.com/coder/pqv1.10.5-0.20250807075151-6ad9b0a25151 h1:YAxwg3lraGNRwoQ18H7R7n+wsCqNve7Brdvj0F1rDnU=
916+
github.com/coder/pqv1.10.5-0.20250807075151-6ad9b0a25151/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
917917
github.com/coder/prettyv0.0.0-20230908205945-e89ba86370e0 h1:3A0ES21Ke+FxEM8CXx9n47SZOKOpgSE1bbJzlE4qPVs=
918918
github.com/coder/prettyv0.0.0-20230908205945-e89ba86370e0/go.mod h1:5UuS2Ts+nTToAMeOjNlnHFkPahrtDkmpydBen/3wgZc=
919919
github.com/coder/previewv1.0.1 h1:f6q+RjNelwnkyXfGbmVlb4dcUOQ0z4mPsb2kuQpFHuU=

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp