Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use the latest minor release for golang 1.21 #213

Open
cloudxxx8 opened this issue Apr 19, 2024 · 0 comments
Open

Use the latest minor release for golang 1.21 #213

cloudxxx8 opened this issue Apr 19, 2024 · 0 comments

Comments

@cloudxxx8
Copy link
Member

cloudxxx8 commented Apr 19, 2024
edited
Loading

The current golang build is based on 1.21.0, and some CVE would be discovered if the binary is built from this version.


$ docker scout cves --format only-packages --only-vuln-packages edgexfoundry/core-metadata:0.0.0-dev

    ✓ Image stored for indexing

    ✓ Indexed 75 packages

    ✗ Detected 2 vulnerable packages with a total of 14 vulnerabilities


        Name        Version   Type            Vulnerabilities            

────────────────────────────────────────────────────────────────────────────

  golang.org/x/net  0.21.0   golang     0C     0H     1M     0L          

  stdlib            1.21.0   golang     0C     4H     4M     0L     6?

Thus, we should upgrade to use the latest patch version
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cloudxxx8