Thanks to visit codestin.com
Credit goes to github.com

Skip to content

build: Upgrade to Go 1.23.6 #3830

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

build: Upgrade to Go 1.23.6 #3830

wants to merge 1 commit into from

Conversation

alexandear
Copy link
Contributor

@alexandear alexandear commented Feb 7, 2025
edited
Loading

This PR silences vulncheck.

Run govulncheck ./...
  govulncheck ./...
  shell: /usr/bin/bash -e {0}
=== Symbol Results ===

Vulnerability #1: GO-[2](https://github.com/sqlc-dev/sqlc/actions/runs/13201723883/job/36855116383#step:5:2)025-3447
    Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
  More info: https://pkg.go.dev/vuln/GO-2025-[3](https://github.com/sqlc-dev/sqlc/actions/runs/13201723883/job/36855116383#step:5:3)447
  Standard library
    Found in: crypto/internal/[email protected]
    Fixed in: crypto/internal/[email protected]
    Platforms: ppc6[4](https://github.com/sqlc-dev/sqlc/actions/runs/13201723883/job/36855116383#step:5:5)le
    Example traces found:
Error:       #1: internal/engine/postgresql/analyzer/analyze.go:217:3[5](https://github.com/sqlc-dev/sqlc/actions/runs/13201723883/job/36855116383#step:5:6): analyzer.Analyzer.Analyze calls pgxpool.ParseConfig, which eventually calls nistec.P25[6](https://github.com/sqlc-dev/sqlc/actions/runs/13201723883/job/36855116383#step:5:7)Point.ScalarBaseMult
Error:       #2: internal/cmd/generate.go:145:14: cmd.Generate calls fmt.Fprintf, which eventually calls nistec.P256Point.ScalarMult
Error:       #3: internal/engine/sqlite/parser/sqlite_parser.go:[12](https://github.com/sqlc-dev/sqlc/actions/runs/13201723883/job/36855116383#step:5:13)14:20: parser.SQLiteParserInit calls sync.Once.Do, which eventually calls nistec.P256Point.SetBytes

Your code is affected by 1 vulnerability from the Go standard library.
This scan found no other vulnerabilities in packages you import or modules you
require.
Use '-show verbose' for more details.

Related: #3822

@dosubot dosubot bot added size:XS This PR changes 0-9 lines, ignoring generated files. 🔧 golang labels Feb 7, 2025
@alexandear alexandear closed this Feb 7, 2025
@alexandear
Copy link
Contributor Author

Replaced by #3831

@alexandear alexandear deleted the vulncheck-go-1-23-6 branch February 7, 2025 15:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
size:XS This PR changes 0-9 lines, ignoring generated files. 🔧 golang
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@alexandear