DFBUGS-8415: [release-4.21] Bump go (stdlib) from 1.24.10 to 1.24.12#4015
DFBUGS-8415: [release-4.21] Bump go (stdlib) from 1.24.10 to 1.24.12#4015df-build-team wants to merge 1 commit into
Conversation
Updated the following modules: - go (stdlib): 1.24.10 -> 1.24.12 (metrics/go.mod) - go (stdlib): 1.24.10 -> 1.24.12 (services/provider/api/go.mod) - go (stdlib): 1.24.10 -> 1.24.12 (api/go.mod) - go (stdlib): 1.24.10 -> 1.24.12 (go.mod) Signed-off-by: DF Build Team <df-build-team@redhat.com>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: df-build-team The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
@df-build-team: This pull request references [Jira Issue DFBUGS-8415](https://redhat.atlassian.net/browse/DFBUGS-8415), which is invalid:
Comment DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@nik-redhat Similar to 4.20 here also only toolchain is getting updated, whereas we would want the actual version to be updated |
It's expected to have toolchain updated only since the toolchain directive is mentioned. |
For clarity/consistency basically. For other relases we are bumping the go versions too. So better to bump the go version on 4.20 & 4.21 as well to latest availble builder versions if there are no harm |
Toolchain is basically the maximum allowed go version in the code, so if we bump the toolchain version it keeps the code at the toolchain version which includes the fix of any affected CVE. |
Ack, let's stick to toolchain updated then if it's better |
|
/retest |
Changes
1.24.10→1.24.12(inmetrics/go.mod)1.24.10→1.24.12(inservices/provider/api/go.mod)1.24.10→1.24.12(inapi/go.mod)1.24.10→1.24.12(ingo.mod)