Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump target Go version to 1.20 #1

Closed
wants to merge 9 commits into from
Closed

Bump target Go version to 1.20 #1

wants to merge 9 commits into from

Conversation

nywilken
Copy link
Owner

@nywilken nywilken commented Sep 22, 2023

What's Changed?

This change bumps the minimum Go version to 1.20 to take advantage of a number of fixes to the language, while supporting the minimum version for a number of key dependencies which have been moving away from Go 1.15.

This change officially removes Go 1.15 from the testing matrix and adds the Go versions used for supporting the Exercism CLI and exercises. Namely Go 1.20.x, and 1.21.x.

Additional Changes

These changes support the Go version bump:

  • fix: update build tags to Go 1.18 syntax
  • Replace calls to deprecated io/ioutil pkg
  • workflows/ci.yml: Add multiple Go versions to testing matrix This change officially removes Go 1.15 from the testing matrix and adds the Go versions used for supporting the Exercism CLI.

Critical Dependency Changes:

  • bump spf13/viper to address reported vulnerabilities in yaml.v2
~>  govulncheck -test ./...
Scanning your code and 210 packages across 21 dependent modules for known vulnerabilities...

Vulnerability https://github.com/nywilken/exercism-cli/pull/1: GO-2022-0956
    Excessive resource consumption in gopkg.in/yaml.v2
  More info: https://pkg.go.dev/vuln/GO-2022-0956
  Module: gopkg.in/yaml.v2
    Found in: gopkg.in/[email protected]
    Fixed in: gopkg.in/[email protected]
    Example traces found:
      https://github.com/nywilken/exercism-cli/pull/1: cmd/submit.go:129:23: cmd.getExerciseSolutionFiles calls viper.Viper.ReadInConfig, which eventually calls yaml.Unmarshal

Vulnerability https://github.com/exercism/cli/issues/2: GO-2021-0061
    Denial of service in gopkg.in/yaml.v2
  More info: https://pkg.go.dev/vuln/GO-2021-0061
  Module: gopkg.in/yaml.v2
    Found in: gopkg.in/[email protected]
    Fixed in: gopkg.in/[email protected]
    Example traces found:
      https://github.com/nywilken/exercism-cli/pull/1: cmd/submit.go:129:23: cmd.getExerciseSolutionFiles calls viper.Viper.ReadInConfig, which eventually calls yaml.Unmarshal

Vulnerability https://github.com/exercism/cli/issues/3: GO-2020-0036
    Excessive resource consumption in YAML parsing in gopkg.in/yaml.v2
  More info: https://pkg.go.dev/vuln/GO-2020-0036
  Module: gopkg.in/yaml.v2
    Found in: gopkg.in/[email protected]
    Fixed in: gopkg.in/[email protected]
    Example traces found:
      https://github.com/nywilken/exercism-cli/pull/1: cmd/submit.go:129:23: cmd.getExerciseSolutionFiles calls viper.Viper.ReadInConfig, which eventually calls yaml.Unmarshal
  • deps: update module github.com/spf13/cobra to v1.7.0

Closes: exercism#1087
Closes: exercism#1086
Closes: exercism#1085

This change bumps the minimum Go version to 1.18 to take advantage of a
number of fixes to the language, while matching the minimum version for
a number of key dependencies which have been moving away from Go 1.15.

This change drops support for Go 1.15 in the Exercism CLI.
```
~> go1.18.10 fix ./...
```
This change bumps spf13/viper to address reported vulnerabilities in
yaml.v2

```
~>  govulncheck -test ./...
Scanning your code and 210 packages across 21 dependent modules for known vulnerabilities...

Vulnerability #1: GO-2022-0956
    Excessive resource consumption in gopkg.in/yaml.v2
  More info: https://pkg.go.dev/vuln/GO-2022-0956
  Module: gopkg.in/yaml.v2
    Found in: gopkg.in/[email protected]
    Fixed in: gopkg.in/[email protected]
    Example traces found:
      #1: cmd/submit.go:129:23: cmd.getExerciseSolutionFiles calls viper.Viper.ReadInConfig, which eventually calls yaml.Unmarshal

Vulnerability exercism#2: GO-2021-0061
    Denial of service in gopkg.in/yaml.v2
  More info: https://pkg.go.dev/vuln/GO-2021-0061
  Module: gopkg.in/yaml.v2
    Found in: gopkg.in/[email protected]
    Fixed in: gopkg.in/[email protected]
    Example traces found:
      #1: cmd/submit.go:129:23: cmd.getExerciseSolutionFiles calls viper.Viper.ReadInConfig, which eventually calls yaml.Unmarshal

Vulnerability exercism#3: GO-2020-0036
    Excessive resource consumption in YAML parsing in gopkg.in/yaml.v2
  More info: https://pkg.go.dev/vuln/GO-2020-0036
  Module: gopkg.in/yaml.v2
    Found in: gopkg.in/[email protected]
    Fixed in: gopkg.in/[email protected]
    Example traces found:
      #1: cmd/submit.go:129:23: cmd.getExerciseSolutionFiles calls viper.Viper.ReadInConfig, which eventually calls yaml.Unmarshal

```
This change officially removes Go 1.15 from the testing matrix and adds the Go versions used
for supporting the Exercism CLI. Namely Go 1.19, 1.20, and 1.21.x.
nywilken added a commit that referenced this pull request Oct 2, 2023
* Bump Go tooling to use 1.20.x for release and testing.
```
Scanning your code and 207 packages across 19 dependent modules for known vulnerabilities...

Vulnerability #1: GO-2023-2043
    Improper handling of special tags within script contexts in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-2043
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute

Vulnerability exercism#2: GO-2023-2041
    Improper handling of HTML-like comments in script contexts in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-2041
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute

Vulnerability exercism#3: GO-2023-1987
    Large RSA keys can cause high CPU usage in crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2023-1987
  Standard library
    Found in: crypto/[email protected]
    Fixed in: crypto/[email protected]
    Example traces found:
      #1: api/client.go:68:25: api.Client.Do calls http.Client.Do, which eventually calls tls.Conn.HandshakeContext
      exercism#2: cli/cli.go:199:23: cli.extractBinary calls io.Copy, which eventually calls tls.Conn.Read
      exercism#3: debug/debug.go:32:14: debug.Printf calls fmt.Fprintf, which calls tls.Conn.Write
      exercism#4: api/client.go:68:25: api.Client.Do calls http.Client.Do, which eventually calls tls.Dialer.DialContext

Vulnerability exercism#4: GO-2023-1878
    Insufficient sanitization of Host header in net/http
  More info: https://pkg.go.dev/vuln/GO-2023-1878
  Standard library
    Found in: net/[email protected]
    Fixed in: net/[email protected]
    Example traces found:
      #1: api/client.go:68:25: api.Client.Do calls http.Client.Do
      exercism#2: cmd/troubleshoot.go:206:32: cmd.apiPing.Call calls http.Client.Get

Vulnerability exercism#5: GO-2023-1840
    Unsafe behavior in setuid/setgid binaries in runtime
  More info: https://pkg.go.dev/vuln/GO-2023-1840
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]
    Example traces found:
      #1: debug/debug.go:80:12: debug.DumpResponse calls log.Fatal, which eventually calls runtime.Caller
      exercism#2: workspace/exercise_metadata.go:39:26: workspace.NewExerciseMetadata calls json.Unmarshal, which eventually calls runtime.Callers
      exercism#3: workspace/exercise_metadata.go:39:26: workspace.NewExerciseMetadata calls json.Unmarshal, which eventually calls runtime.CallersFrames
      exercism#4: workspace/exercise_metadata.go:39:26: workspace.NewExerciseMetadata calls json.Unmarshal, which eventually calls runtime.Frames.Next
      exercism#5: cmd/root.go:39:27: cmd.Execute calls cobra.Command.Execute, which eventually calls runtime.GC
      exercism#6: workspace/exercise_metadata.go:66:24: workspace.ExerciseMetadata.Write calls json.Marshal, which eventually calls runtime.GOMAXPROCS
      exercism#7: config/config.go:57:18: config.Dir calls os.Getenv, which eventually calls runtime.GOROOT
      exercism#8: cli/cli.go:202:29: cli.extractBinary calls os.File.Seek, which eventually calls runtime.KeepAlive
      exercism#9: cli/cli.go:135:2: cli.CLI.Upgrade calls os.File.Close, which eventually calls runtime.SetFinalizer
      exercism#10: debug/debug.go:32:14: debug.Printf calls fmt.Fprintf, which eventually calls runtime.Stack
      exercism#11: cmd/root.go:39:27: cmd.Execute calls cobra.Command.Execute, which eventually calls runtime.TypeAssertionError.Error
      exercism#12: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which calls runtime.defaultMemProfileRate
      exercism#13: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which calls runtime.efaceOf
      exercism#14: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which eventually calls runtime.findfunc
      exercism#15: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which calls runtime.float64frombits
      exercism#16: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which eventually calls runtime.forcegchelper
      exercism#17: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which eventually calls runtime.funcMaxSPDelta
      exercism#18: cmd/root.go:39:27: cmd.Execute calls cobra.Command.Execute, which eventually calls runtime.plainError.Error
      exercism#19: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which eventually calls runtime.throw

Vulnerability exercism#6: GO-2023-1753
    Improper handling of empty HTML attributes in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-1753
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute

Vulnerability exercism#7: GO-2023-1752
    Improper handling of JavaScript whitespace in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-1752
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute

Vulnerability exercism#8: GO-2023-1751
    Improper sanitization of CSS values in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-1751
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute
```
@nywilken nywilken changed the title Bump target Go version to 1.19 Bump target Go version to 1.20 Oct 2, 2023
* Bump Go tooling to use 1.20.x for release and testing.
```
Scanning your code and 207 packages across 19 dependent modules for known vulnerabilities...

Vulnerability #1: GO-2023-2043
    Improper handling of special tags within script contexts in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-2043
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute

Vulnerability exercism#2: GO-2023-2041
    Improper handling of HTML-like comments in script contexts in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-2041
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute

Vulnerability exercism#3: GO-2023-1987
    Large RSA keys can cause high CPU usage in crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2023-1987
  Standard library
    Found in: crypto/[email protected]
    Fixed in: crypto/[email protected]
    Example traces found:
      #1: api/client.go:68:25: api.Client.Do calls http.Client.Do, which eventually calls tls.Conn.HandshakeContext
      exercism#2: cli/cli.go:199:23: cli.extractBinary calls io.Copy, which eventually calls tls.Conn.Read
      exercism#3: debug/debug.go:32:14: debug.Printf calls fmt.Fprintf, which calls tls.Conn.Write
      exercism#4: api/client.go:68:25: api.Client.Do calls http.Client.Do, which eventually calls tls.Dialer.DialContext

Vulnerability exercism#4: GO-2023-1878
    Insufficient sanitization of Host header in net/http
  More info: https://pkg.go.dev/vuln/GO-2023-1878
  Standard library
    Found in: net/[email protected]
    Fixed in: net/[email protected]
    Example traces found:
      #1: api/client.go:68:25: api.Client.Do calls http.Client.Do
      exercism#2: cmd/troubleshoot.go:206:32: cmd.apiPing.Call calls http.Client.Get

Vulnerability exercism#5: GO-2023-1840
    Unsafe behavior in setuid/setgid binaries in runtime
  More info: https://pkg.go.dev/vuln/GO-2023-1840
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]
    Example traces found:
      #1: debug/debug.go:80:12: debug.DumpResponse calls log.Fatal, which eventually calls runtime.Caller
      exercism#2: workspace/exercise_metadata.go:39:26: workspace.NewExerciseMetadata calls json.Unmarshal, which eventually calls runtime.Callers
      exercism#3: workspace/exercise_metadata.go:39:26: workspace.NewExerciseMetadata calls json.Unmarshal, which eventually calls runtime.CallersFrames
      exercism#4: workspace/exercise_metadata.go:39:26: workspace.NewExerciseMetadata calls json.Unmarshal, which eventually calls runtime.Frames.Next
      exercism#5: cmd/root.go:39:27: cmd.Execute calls cobra.Command.Execute, which eventually calls runtime.GC
      exercism#6: workspace/exercise_metadata.go:66:24: workspace.ExerciseMetadata.Write calls json.Marshal, which eventually calls runtime.GOMAXPROCS
      exercism#7: config/config.go:57:18: config.Dir calls os.Getenv, which eventually calls runtime.GOROOT
      exercism#8: cli/cli.go:202:29: cli.extractBinary calls os.File.Seek, which eventually calls runtime.KeepAlive
      exercism#9: cli/cli.go:135:2: cli.CLI.Upgrade calls os.File.Close, which eventually calls runtime.SetFinalizer
      exercism#10: debug/debug.go:32:14: debug.Printf calls fmt.Fprintf, which eventually calls runtime.Stack
      exercism#11: cmd/root.go:39:27: cmd.Execute calls cobra.Command.Execute, which eventually calls runtime.TypeAssertionError.Error
      exercism#12: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which calls runtime.defaultMemProfileRate
      exercism#13: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which calls runtime.efaceOf
      exercism#14: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which eventually calls runtime.findfunc
      exercism#15: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which calls runtime.float64frombits
      exercism#16: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which eventually calls runtime.forcegchelper
      exercism#17: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which eventually calls runtime.funcMaxSPDelta
      exercism#18: cmd/root.go:39:27: cmd.Execute calls cobra.Command.Execute, which eventually calls runtime.plainError.Error
      exercism#19: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which eventually calls runtime.throw

Vulnerability exercism#6: GO-2023-1753
    Improper handling of empty HTML attributes in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-1753
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute

Vulnerability exercism#7: GO-2023-1752
    Improper handling of JavaScript whitespace in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-1752
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute

Vulnerability exercism#8: GO-2023-1751
    Improper sanitization of CSS values in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-1751
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute
```
@nywilken nywilken marked this pull request as ready for review October 3, 2023 10:27
nywilken added a commit that referenced this pull request Oct 5, 2023
* Bump minimum Go version to 1.18

This change bumps the minimum Go version to 1.18 to take advantage of a
number of fixes to the language, while matching the minimum version for
a number of key dependencies which have been moving away from Go 1.15.

This change drops support for Go 1.15 in the Exercism CLI.

* Bump minimum go version to 1.19

* fix: update build tags to Go 1.18 syntax

```
~> go1.18.10 fix ./...
```

* Replace calls to deprecated io/ioutil pkg

* fix(deps): update module github.com/spf13/viper to v1.15.0

This change bumps spf13/viper to address reported vulnerabilities in
yaml.v2

```
~>  govulncheck -test ./...
Scanning your code and 210 packages across 21 dependent modules for known vulnerabilities...

Vulnerability #1: GO-2022-0956
    Excessive resource consumption in gopkg.in/yaml.v2
  More info: https://pkg.go.dev/vuln/GO-2022-0956
  Module: gopkg.in/yaml.v2
    Found in: gopkg.in/[email protected]
    Fixed in: gopkg.in/[email protected]
    Example traces found:
      #1: cmd/submit.go:129:23: cmd.getExerciseSolutionFiles calls viper.Viper.ReadInConfig, which eventually calls yaml.Unmarshal

Vulnerability exercism#2: GO-2021-0061
    Denial of service in gopkg.in/yaml.v2
  More info: https://pkg.go.dev/vuln/GO-2021-0061
  Module: gopkg.in/yaml.v2
    Found in: gopkg.in/[email protected]
    Fixed in: gopkg.in/[email protected]
    Example traces found:
      #1: cmd/submit.go:129:23: cmd.getExerciseSolutionFiles calls viper.Viper.ReadInConfig, which eventually calls yaml.Unmarshal

Vulnerability exercism#3: GO-2020-0036
    Excessive resource consumption in YAML parsing in gopkg.in/yaml.v2
  More info: https://pkg.go.dev/vuln/GO-2020-0036
  Module: gopkg.in/yaml.v2
    Found in: gopkg.in/[email protected]
    Fixed in: gopkg.in/[email protected]
    Example traces found:
      #1: cmd/submit.go:129:23: cmd.getExerciseSolutionFiles calls viper.Viper.ReadInConfig, which eventually calls yaml.Unmarshal

```

* deps: update module github.com/spf13/cobra to v1.7.0

* deps: update module github.com/stretchr/testify to v1.8.4

* workflows/ci.yml: Add multiple Go versions to testing matrix

This change officially removes Go 1.15 from the testing matrix and adds the Go versions used
for supporting the Exercism CLI. Namely Go 1.19, 1.20, and 1.21.x.

* Bump minimum Go version to 1.20

* Bump Go tooling to use 1.20.x for release and testing.
```
Scanning your code and 207 packages across 19 dependent modules for known vulnerabilities...

Vulnerability #1: GO-2023-2043
    Improper handling of special tags within script contexts in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-2043
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute

Vulnerability exercism#2: GO-2023-2041
    Improper handling of HTML-like comments in script contexts in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-2041
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute

Vulnerability exercism#3: GO-2023-1987
    Large RSA keys can cause high CPU usage in crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2023-1987
  Standard library
    Found in: crypto/[email protected]
    Fixed in: crypto/[email protected]
    Example traces found:
      #1: api/client.go:68:25: api.Client.Do calls http.Client.Do, which eventually calls tls.Conn.HandshakeContext
      exercism#2: cli/cli.go:199:23: cli.extractBinary calls io.Copy, which eventually calls tls.Conn.Read
      exercism#3: debug/debug.go:32:14: debug.Printf calls fmt.Fprintf, which calls tls.Conn.Write
      exercism#4: api/client.go:68:25: api.Client.Do calls http.Client.Do, which eventually calls tls.Dialer.DialContext

Vulnerability exercism#4: GO-2023-1878
    Insufficient sanitization of Host header in net/http
  More info: https://pkg.go.dev/vuln/GO-2023-1878
  Standard library
    Found in: net/[email protected]
    Fixed in: net/[email protected]
    Example traces found:
      #1: api/client.go:68:25: api.Client.Do calls http.Client.Do
      exercism#2: cmd/troubleshoot.go:206:32: cmd.apiPing.Call calls http.Client.Get

Vulnerability exercism#5: GO-2023-1840
    Unsafe behavior in setuid/setgid binaries in runtime
  More info: https://pkg.go.dev/vuln/GO-2023-1840
  Standard library
    Found in: [email protected]
    Fixed in: [email protected]
    Example traces found:
      #1: debug/debug.go:80:12: debug.DumpResponse calls log.Fatal, which eventually calls runtime.Caller
      exercism#2: workspace/exercise_metadata.go:39:26: workspace.NewExerciseMetadata calls json.Unmarshal, which eventually calls runtime.Callers
      exercism#3: workspace/exercise_metadata.go:39:26: workspace.NewExerciseMetadata calls json.Unmarshal, which eventually calls runtime.CallersFrames
      exercism#4: workspace/exercise_metadata.go:39:26: workspace.NewExerciseMetadata calls json.Unmarshal, which eventually calls runtime.Frames.Next
      exercism#5: cmd/root.go:39:27: cmd.Execute calls cobra.Command.Execute, which eventually calls runtime.GC
      exercism#6: workspace/exercise_metadata.go:66:24: workspace.ExerciseMetadata.Write calls json.Marshal, which eventually calls runtime.GOMAXPROCS
      exercism#7: config/config.go:57:18: config.Dir calls os.Getenv, which eventually calls runtime.GOROOT
      exercism#8: cli/cli.go:202:29: cli.extractBinary calls os.File.Seek, which eventually calls runtime.KeepAlive
      exercism#9: cli/cli.go:135:2: cli.CLI.Upgrade calls os.File.Close, which eventually calls runtime.SetFinalizer
      exercism#10: debug/debug.go:32:14: debug.Printf calls fmt.Fprintf, which eventually calls runtime.Stack
      exercism#11: cmd/root.go:39:27: cmd.Execute calls cobra.Command.Execute, which eventually calls runtime.TypeAssertionError.Error
      exercism#12: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which calls runtime.defaultMemProfileRate
      exercism#13: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which calls runtime.efaceOf
      exercism#14: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which eventually calls runtime.findfunc
      exercism#15: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which calls runtime.float64frombits
      exercism#16: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which eventually calls runtime.forcegchelper
      exercism#17: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which eventually calls runtime.funcMaxSPDelta
      exercism#18: cmd/root.go:39:27: cmd.Execute calls cobra.Command.Execute, which eventually calls runtime.plainError.Error
      exercism#19: workspace/test_configurations.go:5:2: workspace.init calls runtime.init, which eventually calls runtime.throw

Vulnerability exercism#6: GO-2023-1753
    Improper handling of empty HTML attributes in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-1753
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute

Vulnerability exercism#7: GO-2023-1752
    Improper handling of JavaScript whitespace in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-1752
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute

Vulnerability exercism#8: GO-2023-1751
    Improper sanitization of CSS values in html/template
  More info: https://pkg.go.dev/vuln/GO-2023-1751
  Standard library
    Found in: html/[email protected]
    Fixed in: html/[email protected]
    Example traces found:
      #1: cmd/troubleshoot.go:127:20: cmd.Status.compile calls template.Template.Execute
```
@nywilken
Copy link
Owner Author

nywilken commented Oct 5, 2023

merged upstream ✅

@nywilken nywilken closed this Oct 5, 2023
@nywilken nywilken deleted the bump-go-version branch October 5, 2023 14:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant