From 3b0a983bf9e058f42d4fb98f2b15ebc46a84bb57 Mon Sep 17 00:00:00 2001 From: Christoph Pirkl Date: Mon, 29 Jul 2024 10:19:00 +0200 Subject: [PATCH 1/6] #119: Upgrade dependencies --- .github/workflows/ci-build.yml | 4 ++-- .github/workflows/dependencies_check.yml | 2 +- .project-keeper.yml | 2 +- doc/changes/changelog.md | 1 + doc/changes/changes_1.0.10.md | 11 +++++++++++ go.mod | 2 +- go.sum | 16 ++++++---------- 7 files changed, 23 insertions(+), 15 deletions(-) create mode 100644 doc/changes/changes_1.0.10.md diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index f6c3055..8986ce9 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -8,7 +8,7 @@ jobs: matrix-build: strategy: matrix: - go: ["1.21", "1.22"] + go: ["1.21.12", "1.22.5"] db: ["7.1.26", "8.27.0"] env: DEFAULT_GO: "1.22" @@ -17,7 +17,7 @@ jobs: group: ${{ github.workflow }}-${{ github.ref }}-go-${{ matrix.go }}-db-${{ matrix.db }} cancel-in-progress: true name: Build with go version ${{ matrix.go }} and db ${{ matrix.db }} - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 defaults: run: shell: "bash" diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml index d0321b4..d53c77d 100644 --- a/.github/workflows/dependencies_check.yml +++ b/.github/workflows/dependencies_check.yml @@ -24,7 +24,7 @@ jobs: id: go uses: actions/setup-go@v5 with: - go-version: "1.22" + go-version: "1.22.5" cache: true - name: Install vulncheck diff --git a/.project-keeper.yml b/.project-keeper.yml index 1e3407c..d6eec80 100644 --- a/.project-keeper.yml +++ b/.project-keeper.yml @@ -1,7 +1,7 @@ sources: - type: golang path: go.mod -version: 1.0.9 +version: 1.0.10 excludes: # Releases are done with Release Droid because PK does not yet support release process for Go projects. - "E-PK-CORE-26: 'release_config.yml' exists but must not exist. Reason: Release-droid configuration is replaced by release.yml" 
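Review bot: The exact patch pins `go: ["1.21.12", "1.22.5"]` in the first `ci-build.yml` hunk and `go-version: "1.22.5"` in `dependencies_check.yml` carry no comment saying why they are pinned, and they tie the vulnerability check to the 1.22.5 standard library until someone edits the workflows again. If the pin is deliberate, a comment such as `# exact patch release on purpose; bump on every Go security release` next to each value would record that. If the aim is instead to always build and scan with the newest patch release, keeping `go-version: "1.22"` and adding `check-latest: true` to the `actions/setup-go@v5` step would avoid the manual bump, at the cost of less reproducible builds. The setup step of `ci-build.yml` is outside the visible hunks, so whether it passes `matrix.go` straight to `setup-go` is an assumption.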
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md index f413cac..a6bd79f 100644 --- a/doc/changes/changelog.md +++ b/doc/changes/changelog.md @@ -1,5 +1,6 @@ # Changes +* [1.0.10](changes_1.0.10.md) * [1.0.9](changes_1.0.9.md) * [1.0.8](changes_1.0.8.md) * [1.0.7](changes_1.0.7.md) diff --git a/doc/changes/changes_1.0.10.md b/doc/changes/changes_1.0.10.md new file mode 100644 index 0000000..0470dc8 --- /dev/null +++ b/doc/changes/changes_1.0.10.md @@ -0,0 +1,11 @@ +# Exasol Driver go 1.0.10, released 2024-07-29 + +Code name: Fix vulnerability GO-2024-2963 in `net/http@go1.22.4` + +## Summary + +This release fixes vulnerability [GO-2024-2963](https://pkg.go.dev/vuln/GO-2024-2963) in `net/http@go1.22.4` by upgrading to the latest Go version 1.22.5. + +## Security + +* #119: Fixed vulnerability GO-2024-2963 in `net/http@go1.22.4` diff --git a/go.mod b/go.mod index aeddbc4..fde22bb 100644 --- a/go.mod +++ b/go.mod @@ -18,5 +18,5 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/stretchr/objx v0.5.2 // indirect - golang.org/x/net v0.26.0 // indirect + golang.org/x/net v0.27.0 // indirect ) diff --git a/go.sum b/go.sum index c16a1cc..8ff8af4 100644 --- a/go.sum +++ b/go.sum 
@@ -1,21 +1,17 @@ -github.com/antchfx/xmlquery v1.3.18 h1:FSQ3wMuphnPPGJOFhvc+cRQ2CT/rUj4cyQXkJcjOwz0= -github.com/antchfx/xmlquery v1.3.18/go.mod h1:Afkq4JIeXut75taLSuI31ISJ/zeq+3jG7TunF7noreA= -github.com/antchfx/xpath v1.2.5 h1:hqZ+wtQ+KIOV/S3bGZcIhpgYC26um2bZYP2KVGcR7VY= -github.com/antchfx/xpath v1.2.5/go.mod h1:i54GszH55fYfBmoZXapTHN8T8tkcHfRgLyVwwqzXNcs= +github.com/antchfx/xmlquery v1.4.0 h1:xg2HkfcRK2TeTbdb0m1jxCYnvsPaGY/oeZWTGqX/0hA= +github.com/antchfx/xmlquery v1.4.0/go.mod h1:Ax2aeaeDjfIw3CwXKDQ0GkwZ6QlxoChlIBP+mGnDFjI= +github.com/antchfx/xpath v1.3.0 h1:nTMlzGAK3IJ0bPpME2urTuFL76o4A96iYvoKFHRXJgc= +github.com/antchfx/xpath v1.3.0/go.mod h1:i54GszH55fYfBmoZXapTHN8T8tkcHfRgLyVwwqzXNcs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/exasol/error-reporting-go v0.2.0 h1:nKIe4zYiTHbYrKJRlSNJcmGjTJCZredDh5akVHfIbRs= github.com/exasol/error-reporting-go v0.2.0/go.mod h1:lUzRJqKLiSuYpqRUN2LVyj08WeHzhMEC/8Gmgtuqh1Y= -github.com/exasol/exasol-test-setup-abstraction-server/go-client v0.3.6 h1:zFDtIhX1M52fwGzwSXL4o+JGC86qdsMNY20MaumCPgQ= -github.com/exasol/exasol-test-setup-abstraction-server/go-client v0.3.6/go.mod h1:MpOSQf+M12fO2DoIN6/dcABVodAkPmoPAYMZXd2Oefo= github.com/exasol/exasol-test-setup-abstraction-server/go-client v0.3.9 h1:vkOiwqum2hOK1WHgBop3TZrRGiygDRTvet8lzxP7Gl4= github.com/exasol/exasol-test-setup-abstraction-server/go-client v0.3.9/go.mod h1:g0gO9UJh2LOYlwJIzrw7c1QZJqEBSvYnAaOycu7M5/c= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/gorilla/websocket 
v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= -github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -34,8 +30,8 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= From e497ba265997f1c2200641071ad8cc6c37af2f7f Mon Sep 17 00:00:00 2001 From: Christoph Pirkl Date: Mon, 29 Jul 2024 10:20:51 +0200 Subject: [PATCH 2/6] Add note to changelog --- doc/changes/changes_1.0.10.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/changes/changes_1.0.10.md b/doc/changes/changes_1.0.10.md index 0470dc8..3f51e2a 100644 --- a/doc/changes/changes_1.0.10.md +++ b/doc/changes/changes_1.0.10.md 
@@ -4,7 +4,9 @@ Code name: Fix vulnerability GO-2024-2963 in `net/http@go1.22.4` ## Summary -This release fixes vulnerability [GO-2024-2963](https://pkg.go.dev/vuln/GO-2024-2963) in `net/http@go1.22.4` by upgrading to the latest Go version 1.22.5. +This release fixes vulnerability [GO-2024-2963](https://pkg.go.dev/vuln/GO-2024-2963) in `net/http@go1.22.4` by upgrading builds to the latest Go version 1.22.5. + +**Important:** We recommend users to also upgrade to the latest Go version in order to fix this vulnerability. ## Security From 0fdd4a424934746b0714a351be2f06ba2495dd30 Mon Sep 17 00:00:00 2001 From: Christoph Pirkl Date: Mon, 29 Jul 2024 10:22:18 +0200 Subject: [PATCH 3/6] Update version number --- internal/version/version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/version/version.go b/internal/version/version.go index b10b538..8666c88 100644 --- a/internal/version/version.go +++ b/internal/version/version.go @@ -1,3 +1,3 @@ package version -const DriverVersion = "v1.0.9" +const DriverVersion = "v1.0.10" From f83383324e3bf8210f72282de3036f781a24ba91 Mon Sep 17 00:00:00 2001 From: Christoph Pirkl Date: Mon, 29 Jul 2024 11:34:26 +0200 Subject: [PATCH 4/6] Upgrade to latest Exasol version --- .github/workflows/ci-build.yml | 4 ++-- pkg/integrationTesting/dbTestSetup.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 8986ce9..d1d495f 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -9,10 +9,10 @@ jobs: strategy: matrix: go: ["1.21.12", "1.22.5"] - db: ["7.1.26", "8.27.0"] + db: ["7.1.26", "8.29.1"] env: DEFAULT_GO: "1.22" - DEFAULT_DB: "8.27.0" + DEFAULT_DB: "8.29.1" concurrency: group: ${{ github.workflow }}-${{ github.ref }}-go-${{ matrix.go }}-db-${{ matrix.db }} cancel-in-progress: true 
diff --git a/pkg/integrationTesting/dbTestSetup.go b/pkg/integrationTesting/dbTestSetup.go index f74ff74..9d4a61b 100644 --- a/pkg/integrationTesting/dbTestSetup.go +++ b/pkg/integrationTesting/dbTestSetup.go @@ -11,7 +11,7 @@ import ( "github.com/stretchr/testify/suite" ) -const defaultExasolDbVersion = "8.27.0" +const defaultExasolDbVersion = "8.29.1" type DbTestSetup struct { suite *suite.Suite From 03766929854ffef096b3d788c195b003d021236c Mon Sep 17 00:00:00 2001 From: Christoph Pirkl Date: Mon, 29 Jul 2024 11:40:46 +0200 Subject: [PATCH 5/6] Revert "Upgrade to latest Exasol version" This reverts commit f83383324e3bf8210f72282de3036f781a24ba91. --- .github/workflows/ci-build.yml | 4 ++-- pkg/integrationTesting/dbTestSetup.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index d1d495f..8986ce9 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -9,10 +9,10 @@ jobs: strategy: matrix: go: ["1.21.12", "1.22.5"] - db: ["7.1.26", "8.29.1"] + db: ["7.1.26", "8.27.0"] env: DEFAULT_GO: "1.22" - DEFAULT_DB: "8.29.1" + DEFAULT_DB: "8.27.0" concurrency: group: ${{ github.workflow }}-${{ github.ref }}-go-${{ matrix.go }}-db-${{ matrix.db }} cancel-in-progress: true diff --git a/pkg/integrationTesting/dbTestSetup.go b/pkg/integrationTesting/dbTestSetup.go index 9d4a61b..f74ff74 100644 --- a/pkg/integrationTesting/dbTestSetup.go +++ b/pkg/integrationTesting/dbTestSetup.go @@ -11,7 +11,7 @@ import ( "github.com/stretchr/testify/suite" ) -const defaultExasolDbVersion = "8.29.1" +const defaultExasolDbVersion = "8.27.0" type DbTestSetup struct { suite *suite.Suite From 1ca6dc9958c633073285100c661ff355d5917cf0 Mon Sep 17 00:00:00 2001 From: Christoph Pirkl Date: Mon, 29 Jul 2024 11:54:32 +0200 Subject: [PATCH 6/6] Fix sonar analysis --- .github/workflows/ci-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 8986ce9..730fbd5 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -11,7 +11,7 @@ jobs: go: ["1.21.12", "1.22.5"] db: ["7.1.26", "8.27.0"] env: - DEFAULT_GO: "1.22" + DEFAULT_GO: "1.21.12" DEFAULT_DB: "8.27.0" concurrency: group: ${{ github.workflow }}-${{ github.ref }}-go-${{ matrix.go }}-db-${{ matrix.db }}
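Review bot: `DEFAULT_GO` in this hunk is a second copy of one of the `matrix.go` literals, and nothing states that the two have to match exactly; patch 1/6 changed the matrix to full patch versions while leaving `DEFAULT_GO: "1.22"`, which is presumably what broke the analysis this commit repairs. A comment above the value, for example `# must equal one entry of matrix.go exactly; steps gated on DEFAULT_GO are skipped otherwise`, would keep the next version bump from repeating that. The commit message also does not say why the default moves to the 1.21 line rather than `"1.22.5"`; if the steps keyed on it include the Sonar scan, that scan now runs only on the older toolchain, which may be worth a word in the comment. The steps that read `DEFAULT_GO` are outside the hunk, so this is inferred from the variable name and the commit subject.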