#119: Upgrade dependencies (#120)

exasol · Jul 29, 2024 · 6dc81ea · 6dc81ea
1 parent 4b07409
commit 6dc81ea
Show file tree

Hide file tree

Showing 8 changed files with 27 additions and 17 deletions.
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
@@ -8,16 +8,16 @@ jobs:
   matrix-build:
     strategy:
       matrix:
-        go: ["1.21", "1.22"]
+        go: ["1.21.12", "1.22.5"]
         db: ["7.1.26", "8.27.0"]
     env:
-      DEFAULT_GO: "1.22"
+      DEFAULT_GO: "1.21.12"
       DEFAULT_DB: "8.27.0"
     concurrency:
       group: ${{ github.workflow }}-${{ github.ref }}-go-${{ matrix.go }}-db-${{ matrix.db }}
       cancel-in-progress: true
     name: Build with go version ${{ matrix.go }} and db ${{ matrix.db }}
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     defaults:
       run:
         shell: "bash"

diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml
@@ -24,7 +24,7 @@ jobs:
         id: go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.22"
+          go-version: "1.22.5"
           cache: true
 
       - name: Install vulncheck

diff --git a/.project-keeper.yml b/.project-keeper.yml
@@ -1,7 +1,7 @@
 sources:
   - type: golang
     path: go.mod
-version: 1.0.9
+version: 1.0.10
 excludes:
   # Releases are done with Release Droid because PK does not yet support release process for Go projects.
   - "E-PK-CORE-26: 'release_config.yml' exists but must not exist. Reason: Release-droid configuration is replaced by release.yml"
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
diff --git a/doc/changes/changes_1.0.10.md b/doc/changes/changes_1.0.10.md
@@ -0,0 +1,13 @@
+# Exasol Driver go 1.0.10, released 2024-07-29
+
+Code name: Fix vulnerability GO-2024-2963 in `net/[email protected]`
+
+## Summary
+
+This release fixes vulnerability [GO-2024-2963](https://pkg.go.dev/vuln/GO-2024-2963) in `net/[email protected]` by upgrading builds to the latest Go version 1.22.5.
+
+**Important:** We recommend users to also upgrade to the latest Go version in order to fix this vulnerability.
+
+## Security
+
+* #119: Fixed vulnerability GO-2024-2963 in `net/[email protected]`
diff --git a/go.mod b/go.mod
@@ -18,5 +18,5 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
-	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/net v0.27.0 // indirect
 )
diff --git a/go.sum b/go.sum
diff --git a/internal/version/version.go b/internal/version/version.go
@@ -1,3 +1,3 @@
 package version
 
-const DriverVersion = "v1.0.9"
+const DriverVersion = "v1.0.10"