Bump Expected Minimum Go Version to 1.19
bendbennett opened this issue ยท 5 comments
Terraform CLI and Provider Versions
random v3.4.3
Use Cases or Problem Statement
Following the Go support policy and given the ecosystem availability of the latest Go minor version, it's time to upgrade. This will ensure that this project can use recent improvements to the Go runtime, standard library functionality, and continue to receive security updates
Proposal
- Run the following commands to upgrade the Go module files and automatically fix outdated Go code:
go mod edit -go=1.19
go mod tidy
go fix ./...- Ensure any GitHub Actions workflows (
.github/workflows/*.yml) use 1.20 in place of any 1.19 and 1.19 in place of any 1.18 or earlier - Ensure the README or any Contributing documentation notes the Go 1.19 expected minimum
- (Not applicable to all projects) Ensure the
.go-versionis at least 1.19 or later
How much impact is this issue causing?
Low
Additional Information
- https://github.com/hashicorp/terraform-plugin-framework/#go-compatibility
- https://formulae.brew.sh/formula/go
- microsoft/winget-pkgs#95835
- https://community.chocolatey.org/packages/golang
- https://packages.ubuntu.com/lunar/golang-1.20
Code of Conduct
- I agree to follow this project's Code of Conduct
Hi @bendbennett, thank you for fixing this. I see #378 is merged to main but any idea on when this would be released?
It will fix all these security bugs:
1 CVE-2022-32190|go|.terraform.d/plugins/registry.terraform.io/hashicorp/random/3.4.3/linux_amd64/terraform-provider-random_v3.4.3_x5|1.18.5|fixed in 1.18.6|7.5|high
2 CVE-2022-27664|go|.terraform.d/plugins/registry.terraform.io/hashicorp/random/3.4.3/linux_amd64/terraform-provider-random_v3.4.3_x5|1.18.5|fixed in 1.19.1, 1.18.6|7.5|high
3 CVE-2022-2879|go|.terraform.d/plugins/registry.terraform.io/hashicorp/random/3.4.3/linux_amd64/terraform-provider-random_v3.4.3_x5|1.18.5|fixed in 1.19.2, 1.18.7|7.5|high
4 CVE-2022-2880|go|.terraform.d/plugins/registry.terraform.io/hashicorp/random/3.4.3/linux_amd64/terraform-provider-random_v3.4.3_x5|1.18.5|fixed in 1.19.2, 1.18.7|7.5|high
5 CVE-2022-41715|go|.terraform.d/plugins/registry.terraform.io/hashicorp/random/3.4.3/linux_amd64/terraform-provider-random_v3.4.3_x5|1.18.5|fixed in 1.19.2, 1.18.7|7.5|high
6 CVE-2022-41716|go|.terraform.d/plugins/registry.terraform.io/hashicorp/random/3.4.3/linux_amd64/terraform-provider-random_v3.4.3_x5|1.18.5|fixed in 1.19.3, 1.18.8|5.4|medium
7 CVE-2022-41717|go|.terraform.d/plugins/registry.terraform.io/hashicorp/random/3.4.3/linux_amd64/terraform-provider-random_v3.4.3_x5|1.18.5|fixed in 1.19.4, 1.18.9|5.3|medium
@bendbennett Thank you for the Fix! Do you know a possible timeframe on a new release of the provider?
Hi @faarshad @azuterios ๐
The update to Go 1.19 has been released as v3.5.0.
Hi @faarshad @azuterios ๐
The update to Go 1.19 has been released as
v3.5.0.
@bendbennett Thank you for the prompt response and quick release!
I'm going to lock this issue because it has been closed for 30 days โณ. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.