pingcap / tidb-tools

tidb-tools are some useful tool collections for TiDB.
Apache License 2.0

Update deps required to build with go1.24-27093581 #814

Closed dveeden closed 3 hours ago

dveeden commented 3 months ago

What problem does this PR solve?

Issue Number: close #813 ref #819

Also resolves https://github.com/pingcap/tidb-tools/security/dependabot/28

What is changed and how it works?

Check List

Tests

wuhuizuo commented 3 months ago

See the beautiful fix in tidb. The fix is more elegant. The main thing here is to update the version of the tidb dependency. This change is forward compatible with the golang version: the runtime.Version() method exists at least in go 1.0.0.

dveeden commented 3 months ago

```
dvaneeden@dve-carbon:~/dev/pingcap/tidb-tools$ govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2024-2918
    Azure Identity Libraries Elevation of Privilege Vulnerability in
    github.com/Azure/azure-sdk-for-go/sdk/azidentity
  More info: https://pkg.go.dev/vuln/GO-2024-2918
  Module: github.com/Azure/azure-sdk-for-go/sdk/azidentity
    Found in: github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.5.1
    Fixed in: github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.6.0
    Example traces found:
      #1: pkg/utils/util.go:50:30: utils.GetJSON calls ioutil.ReadAll, which eventually calls azidentity.ClientSecretCredential.GetToken

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.
Use '-show verbose' for more details.
```

ti-chi-bot[bot] commented 4 hours ago

[LGTM Timeline notifier]

Timeline:

ti-chi-bot[bot] commented 3 hours ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Defined2014, mjonss

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/pingcap/tidb-tools/blob/master/OWNERS)~~ [Defined2014,mjonss]

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment