Closed phisco-renovate[bot] closed 1 month ago
Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
Command failed: install-tool golang $(grep -oP "^toolchain go\K.+" go.mod)
Command failed: make generate
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xa07b8f]
goroutine 111 [running]:
go/types.(*Checker).handleBailout(0xc0017f7a00, 0xc00170bd40)
/opt/containerbase/tools/golang/1.22.5/src/go/types/check.go:367 +0x88
panic({0xbbe580?, 0x12a64b0?})
/opt/containerbase/tools/golang/1.22.5/src/runtime/panic.go:770 +0x132
go/types.(*StdSizes).Sizeof(0x0, {0xdb81d8, 0x12aed20})
/opt/containerbase/tools/golang/1.22.5/src/go/types/sizes.go:228 +0x30f
go/types.(*Config).sizeof(...)
/opt/containerbase/tools/golang/1.22.5/src/go/types/sizes.go:333
go/types.representableConst.func1({0xdb81d8?, 0x12aed20?})
/opt/containerbase/tools/golang/1.22.5/src/go/types/const.go:76 +0x9e
go/types.representableConst({0xdbe530, 0x1279cc0}, 0xc0017f7a00, 0x12aed20, 0xc001708ed8)
/opt/containerbase/tools/golang/1.22.5/src/go/types/const.go:106 +0x2c7
go/types.(*Checker).representation(0xc0017f7a00, 0xc00171a740, 0x12aed20)
/opt/containerbase/tools/golang/1.22.5/src/go/types/const.go:256 +0x65
go/types.(*Checker).representable(0xc0017f7a00, 0xc00171a740, 0x12aed20)
/opt/containerbase/tools/golang/1.22.5/src/go/types/const.go:239 +0x26
go/types.(*Checker).shift(0xc0017f7a00, 0xc00171a700, 0xc00171a740, {0xdbc2c8, 0xc0018049c0}, 0x14)
/opt/containerbase/tools/golang/1.22.5/src/go/types/expr.go:650 +0x1eb
go/types.(*Checker).binary(0xc0017f7a00, 0xc00171a700, {0xdbc2c8, 0xc0018049c0}, {0xdbc7d8, 0xc001816460}, {0xdbc7d8, 0xc001816480}, 0x14, 0x2c8734)
/opt/containerbase/tools/golang/1.22.5/src/go/types/expr.go:796 +0x150
go/types.(*Checker).exprInternal(0xc0017f7a00, 0x0, 0xc00171a700, {0xdbc2c8, 0xc0018049c0}, {0x0, 0x0})
/opt/containerbase/tools/golang/1.22.5/src/go/types/expr.go:1416 +0x206
go/types.(*Checker).rawExpr(0xc0017f7a00, 0x0, 0xc00171a700, {0xdbc2c8?, 0xc0018049c0?}, {0x0?, 0x0?}, 0x0)
/opt/containerbase/tools/golang/1.22.5/src/go/types/expr.go:979 +0x19e
go/types.(*Checker).expr(0xc0017f7a00, 0x0?, 0xc00171a700, {0xdbc2c8?, 0xc0018049c0?})
/opt/containerbase/tools/golang/1.22.5/src/go/types/expr.go:1513 +0x30
go/types.(*Checker).constDecl(0xc0017f7a00, 0xc001294960, {0x0, 0x0}, {0xdbc2c8, 0xc0018049c0}, 0x0)
/opt/containerbase/tools/golang/1.22.5/src/go/types/decl.go:488 +0x2f1
go/types.(*Checker).objDecl(0xc0017f7a00, {0xdc3c60, 0xc001294960}, 0x0)
/opt/containerbase/tools/golang/1.22.5/src/go/types/decl.go:191 +0xa49
go/types.(*Checker).ident(0xc0017f7a00, 0xc00171a6c0, 0xc00117fe60, 0x0, 0x0)
/opt/containerbase/tools/golang/1.22.5/src/go/types/typexpr.go:62 +0x250
go/types.(*Checker).exprInternal(0xc0017f7a00, 0x0, 0xc00171a6c0, {0xdbad98, 0xc00117fe60}, {0x0, 0x0})
/opt/containerbase/tools/golang/1.22.5/src/go/types/expr.go:1033 +0x138
go/types.(*Checker).rawExpr(0xc0017f7a00, 0x0, 0xc00171a6c0, {0xdbad98?, 0xc00117fe60?}, {0x0?, 0x0?}, 0x0)
/opt/containerbase/tools/golang/1.22.5/src/go/types/expr.go:979 +0x19e
go/types.(*Checker).expr(0xc0017f7a00, 0xc00170ada0?, 0xc00171a6c0, {0xdbad98?, 0xc00117fe60?})
/opt/containerbase/tools/golang/1.22.5/src/go/types/expr.go:1513 +0x30
go/types.(*Checker).binary(0xc0017f7a00, 0xc00171a680, {0xdbc2c8, 0xc001804900}, {0xdbad98, 0xc00117fe40}, {0xdbad98, 0xc00117fe60}, 0xc, 0x2c7eb5)
/opt/containerbase/tools/golang/1.22.5/src/go/types/expr.go:784 +0xcc
go/types.(*Checker).exprInternal(0xc0017f7a00, 0x0, 0xc00171a680, {0xdbc2c8, 0xc001804900}, {0x0, 0x0})
/opt/containerbase/tools/golang/1.22.5/src/go/types/expr.go:1416 +0x206
go/types.(*Checker).rawExpr(0xc0017f7a00, 0x0, 0xc00171a680, {0xdbc2c8?, 0xc001804900?}, {0x0?, 0x0?}, 0x0)
/opt/containerbase/tools/golang/1.22.5/src/go/types/expr.go:979 +0x19e
go/types.(*Checker).expr(0xc0017f7a00, 0xc00128ede0?, 0xc00171a680, {0xdbc2c8?, 0xc001804900?})
/opt/containerbase/tools/golang/1.22.5/src/go/types/expr.go:1513 +0x30
go/types.(*Checker).constDecl(0xc0017f7a00, 0xc00128eea0, {0x0, 0x0}, {0xdbc2c8, 0xc001804900}, 0x0)
/opt/containerbase/tools/golang/1.22.5/src/go/types/decl.go:488 +0x2f1
go/types.(*Checker).objDecl(0xc0017f7a00, {0xdc3c60, 0xc00128eea0}, 0x0)
/opt/containerbase/tools/golang/1.22.5/src/go/types/decl.go:191 +0xa49
go/types.(*Checker).packageObjects(0xc0017f7a00)
/opt/containerbase/tools/golang/1.22.5/src/go/types/resolver.go:693 +0x4dd
go/types.(*Checker).checkFiles(0xc0017f7a00, {0xc001129900, 0xa, 0xa})
/opt/containerbase/tools/golang/1.22.5/src/go/types/check.go:408 +0x1a5
go/types.(*Checker).Files(...)
/opt/containerbase/tools/golang/1.22.5/src/go/types/check.go:372
sigs.k8s.io/controller-tools/pkg/loader.(*loader).typeCheck(0xc000287440, 0xc000390480)
/go/pkg/mod/sigs.k8s.io/controller-tools@v0.12.1/pkg/loader/loader.go:286 +0x36a
sigs.k8s.io/controller-tools/pkg/loader.(*Package).NeedTypesInfo(0xc000390480)
/go/pkg/mod/sigs.k8s.io/controller-tools@v0.12.1/pkg/loader/loader.go:99 +0x39
sigs.k8s.io/controller-tools/pkg/loader.(*TypeChecker).check(0xc0006b3560, 0xc000390480)
/go/pkg/mod/sigs.k8s.io/controller-tools@v0.12.1/pkg/loader/refs.go:268 +0x2b7
sigs.k8s.io/controller-tools/pkg/loader.(*TypeChecker).check.func1(0x0?)
/go/pkg/mod/sigs.k8s.io/controller-tools@v0.12.1/pkg/loader/refs.go:262 +0x53
created by sigs.k8s.io/controller-tools/pkg/loader.(*TypeChecker).check in goroutine 74
/go/pkg/mod/sigs.k8s.io/controller-tools@v0.12.1/pkg/loader/refs.go:260 +0x1c5
exit status 2
apis/generate.go:45: running "go": exit status 1
make[1]: *** [build/makelib/golang.mk:240: go.generate] Error 1
make: *** [build/makelib/common.mk:434: generate] Error 2
This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.
This PR contains the following updates:
v1.9.0
->v1.11.0
Denial of service via malicious preflight requests in github.com/rs/cors
GHSA-mh55-gqvf-xfwm / GO-2024-2883
More information
#### Details Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service. #### Severity Unknown #### References - [https://github.com/rs/cors/pull/171](https://togithub.com/rs/cors/pull/171) - [https://github.com/rs/cors/issues/170](https://togithub.com/rs/cors/issues/170) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2024-2883) and the [Go Vulnerability Database](https://togithub.com/golang/vulndb) ([CC-BY 4.0](https://togithub.com/golang/vulndb#license)).Denial of service via malicious preflight requests in github.com/rs/cors
GHSA-mh55-gqvf-xfwm / GO-2024-2883
More information
#### Details Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service. #### Severity Moderate #### References - [https://github.com/rs/cors/issues/170](https://togithub.com/rs/cors/issues/170) - [https://github.com/rs/cors/pull/171](https://togithub.com/rs/cors/pull/171) - [https://github.com/rs/cors/commit/4c32059b2756926619f6bf70281b91be7b5dddb2](https://togithub.com/rs/cors/commit/4c32059b2756926619f6bf70281b91be7b5dddb2) - [https://github.com/rs/cors](https://togithub.com/rs/cors) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-mh55-gqvf-xfwm) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).Release Notes
rs/cors (github.com/rs/cors)
### [`v1.11.0`](https://togithub.com/rs/cors/compare/v1.10.1...v1.11.0) [Compare Source](https://togithub.com/rs/cors/compare/v1.10.1...v1.11.0) ### [`v1.10.1`](https://togithub.com/rs/cors/compare/v1.10.0...v1.10.1) [Compare Source](https://togithub.com/rs/cors/compare/v1.10.0...v1.10.1) ### [`v1.10.0`](https://togithub.com/rs/cors/compare/v1.9.0...v1.10.0) [Compare Source](https://togithub.com/rs/cors/compare/v1.9.0...v1.10.0)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.