Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
build: Specify go1.22.2 as toolchain to fix govulncheck issues (#517)
Nix (and therefore devbox) has been slow in rolling out go1.22.2, which contains CVE fixes. Current version go1.22.1 causes govulncheck to report valid vulnerabilities in `net/http` package. go1.21 introduced toolchain management via `go.mod` file with `toolchain` directive. This commit specifies go1.22.2 as the toolchain to use and hence fixes the govulncheck issues. This does mean that go versions have to be managed in multiple places so this is a stop-gap until Nix releases go1.22.2 to nixpkgs-unstable channel.
- Loading branch information