search

vmware / terraform-provider-nsxt

Terraform VMware NSX-T provider
https://www.terraform.io/docs/providers/nsxt/
Other
129 stars 83 forks source link

Bump go to 1.22.6 #1321

Closed BergCyrill closed 3 weeks ago

BergCyrill commented 3 weeks ago

Due to CVE-2024-24790 the used go version has to be pushed to 1.22.6

vmwclabot commented 3 weeks ago

@BergCyrill, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

BergCyrill commented 3 weeks ago

All commits are signed & signoff was made according to the dco. I don't unterstand why the vmwclabot doesn't recognize this, I think it is a false behaviour.

salv-orlando commented 3 weeks ago

/test-all

salv-orlando commented 3 weeks ago

@BergCyrill sometimes the CLA bot also complains about my commits, when the email I specify in Signed-Off-By is not my primary github email. Not sure if this your case as well.

In any case I'm reviewing the CVE. I don't have any concern in addressing it of course, I just wonder why it did not get automatically flagged.

BergCyrill commented 3 weeks ago

Thank you. My signoff mail is also my primary mail, so I really don't know what could be the issue.

ksamoray commented 3 weeks ago

Hi @BergCyrill, can you set version to 1.22? Seems like minor version is rejected by testing tools.

vmwclabot commented 3 weeks ago

@BergCyrill, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

BergCyrill commented 3 weeks ago

I have removed the patch version from the "go" line and set a toolchain version - hope the test tools do work properly now

ksamoray commented 3 weeks ago

I have removed the patch version from the "go" line and set a toolchain version - hope the test tools do work properly now

I've reran the CI, seems that it doesn't work yet :/

vmwclabot commented 3 weeks ago

@BergCyrill, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

BergCyrill commented 3 weeks ago

I have removed the reference to the patch version completely now.

ksamoray commented 3 weeks ago

I think that these failures are a result of version spec here

vmwclabot commented 3 weeks ago

@BergCyrill, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

BergCyrill commented 3 weeks ago

Nice catch - thank you. I have increased the used go version in both of the test actions now.

BergCyrill commented 3 weeks ago

Ok I think I have to bump golang-cilint to 1.56.1 to support go1.22

vmwclabot commented 3 weeks ago

@BergCyrill, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

ksamoray commented 3 weeks ago

/test-all

ksamoray commented 3 weeks ago

/test-all

ksamoray commented 3 weeks ago

/test-all

ksamoray commented 3 weeks ago

Thanks @BergCyrill

BergCyrill commented 3 weeks ago

Thanks @ksamoray Do you know when the next (patch-)release is planned?

ksamoray commented 3 weeks ago

Thanks @ksamoray Do you know when the next (patch-)release is planned?

General release schedule is published under milestones but we could have an earlier bugfix release.

BergCyrill commented 3 weeks ago

Thanks @ksamoray Do you know when the next (patch-)release is planned?

General release schedule is published under milestones but we could have an earlier bugfix release.

Since it's a 9.8 critical severity issue and the next release is almost one month away a bugfix release would be really helpful. Thank you