From f39bfb4b5b5fefda880b289f5aff5cb628c38913 Mon Sep 17 00:00:00 2001 From: jakedoublev Date: Wed, 9 Apr 2025 13:32:03 -0700 Subject: [PATCH 1/4] bump toolchain in lib/fixtures to resolve CVE GO-2025-3563 --- lib/fixtures/go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/fixtures/go.mod b/lib/fixtures/go.mod index 51584083fd..8c697e8a03 100644 --- a/lib/fixtures/go.mod +++ b/lib/fixtures/go.mod @@ -2,7 +2,7 @@ module github.com/opentdf/platform/lib/fixtures go 1.23.0 -toolchain go1.24.1 +toolchain go1.24.2 require github.com/Nerzal/gocloak/v13 v13.9.0 From 8bc1387a8ebee8bddee57ee80d8313574a4bd6f6 Mon Sep 17 00:00:00 2001 From: jakedoublev Date: Wed, 9 Apr 2025 13:34:26 -0700 Subject: [PATCH 2/4] bump toolchain in examples to resolve CVE GO-2025-3563 --- examples/go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/go.mod b/examples/go.mod index 9b04aa62f4..36eb2c8f5e 100644 --- a/examples/go.mod +++ b/examples/go.mod @@ -2,7 +2,7 @@ module github.com/opentdf/platform/examples go 1.23.0 -toolchain go1.24.1 +toolchain go1.24.2 require ( github.com/opentdf/platform/lib/ocrypto v0.1.9 From 711bb67152979dd5715cdcdbcc5163d4de10c10b Mon Sep 17 00:00:00 2001 From: jakedoublev Date: Wed, 9 Apr 2025 13:38:09 -0700 Subject: [PATCH 3/4] bump version in github actions as well --- .github/workflows/checks.yaml | 2 +- .github/workflows/vulnerability-check.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 88ed13780e..9fc22e82a2 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -65,7 +65,7 @@ jobs: - name: govluncheck uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee with: - go-version-input: "1.24.1" + go-version-input: "1.24.2" work-dir: ${{ matrix.directory }} - name: golangci-lint uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 diff --git a/.github/workflows/vulnerability-check.yaml b/.github/workflows/vulnerability-check.yaml index 95713444e0..f746d88c02 100644 --- a/.github/workflows/vulnerability-check.yaml +++ b/.github/workflows/vulnerability-check.yaml @@ -21,5 +21,5 @@ jobs: - name: govluncheck uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee with: - go-version-input: "1.24.1" + go-version-input: "1.24.2" work-dir: ${{ matrix.directory }} From 07f1db24c0dc3231a6dac958c4e241a57069e7c1 Mon Sep 17 00:00:00 2001 From: jakedoublev Date: Wed, 9 Apr 2025 13:49:48 -0700 Subject: [PATCH 4/4] test bumping go toolchain version everywhere --- go.work | 2 +- protocol/go/go.mod | 2 +- sdk/go.mod | 2 +- service/go.mod | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.work b/go.work index f480607cf8..a345ebf231 100644 --- a/go.work +++ b/go.work @@ -1,6 +1,6 @@ go 1.23.0 -toolchain go1.24.1 +toolchain go1.24.2 use ( ./examples diff --git a/protocol/go/go.mod b/protocol/go/go.mod index c7b36dfc4e..b247f7754b 100644 --- a/protocol/go/go.mod +++ b/protocol/go/go.mod @@ -2,7 +2,7 @@ module github.com/opentdf/platform/protocol/go go 1.23.0 -toolchain go1.24.1 +toolchain go1.24.2 require ( buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.1-20240508200655-46a4cf4ba109.1 diff --git a/sdk/go.mod b/sdk/go.mod index b09403f35e..5e69b7ec34 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -2,7 +2,7 @@ module github.com/opentdf/platform/sdk go 1.23.0 -toolchain go1.24.1 +toolchain go1.24.2 require ( github.com/Masterminds/semver/v3 v3.3.1 diff --git a/service/go.mod b/service/go.mod index 52220d1738..df9cd4dda1 100644 --- a/service/go.mod +++ b/service/go.mod @@ -2,7 +2,7 @@ module github.com/opentdf/platform/service go 1.23.0 -toolchain go1.24.1 +toolchain go1.24.2 require ( connectrpc.com/connect v1.17.0