Skip to content

Commit

Permalink
build: Specify go1.22.2 as toolchain to fix govulncheck issues (#517)
Browse files Browse the repository at this point in the history
Nix (and therefore devbox) has been slow in rolling out go1.22.2, which
contains CVE fixes. Current version go1.22.1 causes govulncheck to
report valid vulnerabilities in `net/http` package. go1.21 introduced
toolchain management via `go.mod` file with `toolchain` directive. This
commit specifies go1.22.2 as the toolchain to use and hence fixes the
govulncheck issues.

This does mean that go versions have to be managed in multiple places so
this is a stop-gap until Nix releases go1.22.2 to nixpkgs-unstable
channel.
  • Loading branch information
jimmidyson committed Apr 17, 2024
1 parent a310854 commit 7739b28
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ module github.com/mesosphere/mindthegap

go 1.22

toolchain go1.22.2

require (
github.com/aws/aws-sdk-go-v2 v1.26.1
github.com/aws/aws-sdk-go-v2/config v1.27.11
Expand Down

0 comments on commit 7739b28

Please sign in to comment.