Closed jimmidyson closed 4 months ago
100 tests ±0 100 :white_check_mark: ±0 0s :stopwatch: ±0s 24 suites ±0 0 :zzz: ±0 1 files ±0 0 :x: ±0
Results for commit 98a61f90. ± Comparison against base commit 71a0ae6d.
33 tests ±0 30 :white_check_mark: ±0 1m 50s :stopwatch: +22s 2 suites ±0 3 :zzz: ±0 1 files ±0 0 :x: ±0
Results for commit 98a61f90. ± Comparison against base commit 71a0ae6d.
Nix (and therefore devbox) has been slow in rolling out go1.22.2, which contains CVE fixes. Current version go1.22.1 causes govulncheck to report valid vulnerabilities in
net/http
package. go1.21 introduced toolchain management viago.mod
file withtoolchain
directive. This commit specifies go1.22.2 as the toolchain to use and hence fixes the govulncheck issues.This does mean that go versions have to be managed in multiple places so this is a stop-gap until Nix releases go1.22.2 to nixpkgs-unstable channel.