Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit91780db

Browse files
authored
fix: upgrade to 1.24.6 to fix race in lib/pq queries (#19214)
fixes:coder/internal#731THIS IS A SECURITY FIXupgrade to go 1.24.6 to avoidgolang/go#74831 (CVE-2025-47907)Also points to a new version of our lib/pq fork that worked around the Go issue, which should restore better performance.
1 parent82d5a20 commit91780db

File tree

4 files changed

+7
-7
lines changed

4 files changed

+7
-7
lines changed

‎.github/actions/setup-go/action.yaml‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: |
44
inputs:
55
version:
66
description:"The Go version to use."
7-
default:"1.24.4"
7+
default:"1.24.6"
88
use-preinstalled-go:
99
description:"Whether to use preinstalled Go."
1010
default:"false"

‎dogfood/coder/Dockerfile‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -11,8 +11,8 @@ RUN cargo install jj-cli typos-cli watchexec-cli
1111
FROM ubuntu:jammy@sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631587203f97 AS go
1212

1313
# Install Go manually, so that we can control the version
14-
ARG GO_VERSION=1.24.4
15-
ARG GO_CHECKSUM="77e5da33bb72aeaef1ba4418b6fe511bc4d041873cbf82e5aa6318740df98717"
14+
ARG GO_VERSION=1.24.6
15+
ARG GO_CHECKSUM="bbca37cc395c974ffa4893ee35819ad23ebb27426df87af92e93a9ec66ef8712"
1616

1717
# Boring Go is needed to build FIPS-compliant binaries.
1818
RUN apt-get update && \

‎go.mod‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
modulegithub.com/coder/coder/v2
22

3-
go1.24.4
3+
go1.24.6
44

55
// Required until a v3 of chroma is created to lazily initialize all XML files.
66
// None of our dependencies seem to use the registries anyways, so this
@@ -58,7 +58,7 @@ replace github.com/imulab/go-scim/pkg/v2 => github.com/coder/go-scim/pkg/v2 v2.0
5858
// Adds support for a new Listener from a driver.Connector
5959
// This lets us use rotating authentication tokens for passwords in connection strings
6060
// which we use in the awsiamrds package.
61-
replacegithub.com/lib/pq =>github.com/coder/pqv1.10.5-0.20250630052411-a259f96b6102
61+
replacegithub.com/lib/pq =>github.com/coder/pqv1.10.5-0.20250807075151-6ad9b0a25151
6262

6363
// Removes an init() function that causes terminal sequences to be printed to the web terminal when
6464
// used in conjunction with agent-exec. See https://github.com/coder/coder/pull/15817

‎go.sum‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -916,8 +916,8 @@ github.com/coder/go-scim/pkg/v2 v2.0.0-20230221055123-1d63c1222136 h1:0RgB61LcNs
916916
github.com/coder/go-scim/pkg/v2v2.0.0-20230221055123-1d63c1222136/go.mod h1:VkD1P761nykiq75dz+4iFqIQIZka189tx1BQLOp0Skc=
917917
github.com/coder/gutsv1.5.0 h1:a94apf7xMf5jDdg1bIHzncbRiTn3+BvBZgrFSDbUnyI=
918918
github.com/coder/gutsv1.5.0/go.mod h1:0Sbv5Kp83u1Nl7MIQiV2zmacJ3o02I341bkWkjWXSUQ=
919-
github.com/coder/pqv1.10.5-0.20250630052411-a259f96b6102 h1:ahTJlTRmTogsubgRVGOUj40dg62WvqPQkzTQP7pyepI=
920-
github.com/coder/pqv1.10.5-0.20250630052411-a259f96b6102/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
919+
github.com/coder/pqv1.10.5-0.20250807075151-6ad9b0a25151 h1:YAxwg3lraGNRwoQ18H7R7n+wsCqNve7Brdvj0F1rDnU=
920+
github.com/coder/pqv1.10.5-0.20250807075151-6ad9b0a25151/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
921921
github.com/coder/prettyv0.0.0-20230908205945-e89ba86370e0 h1:3A0ES21Ke+FxEM8CXx9n47SZOKOpgSE1bbJzlE4qPVs=
922922
github.com/coder/prettyv0.0.0-20230908205945-e89ba86370e0/go.mod h1:5UuS2Ts+nTToAMeOjNlnHFkPahrtDkmpydBen/3wgZc=
923923
github.com/coder/previewv1.0.3 h1:et0/frnLB68PPwsGaa1KAZQdBKBxNSqzMplYKsBpcNA=

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp