update to go1.24.7

This includes 1 security fix: - net/http: CrossOriginProtection bypass patterns are over-broad When passing patterns to CrossOriginProtection.AddInsecureBypassPattern, requests that would have redirected to those patterns (e.g. without a trailing slash) were also exempted, which might be unexpected. Thanks to Marco Gazerro for reporting this issue. This is CVE-2025-47910 and Go issue https://go.dev/issue/75054. View the release notes for more information: https://go.dev/doc/devel/release#go1.24.7 Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-09-03 20:40:59 +02:00
parent 06ed23d5fe
commit f64b8a332d
9 changed files with 9 additions and 9 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -63,7 +63,7 @@ jobs:
        name: Update Go
        uses: actions/setup-go@v5
        with:
-          go-version: "1.24.6"
+          go-version: "1.24.7"
      -
        name: Initialize CodeQL
        uses: github/codeql-action/init@v3
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -66,7 +66,7 @@ jobs:
        name: Set up Go
        uses: actions/setup-go@v5
        with:
-          go-version: "1.24.6"
+          go-version: "1.24.7"
      -
        name: Test
        run: |
--- a/.golangci.yml
+++ b/.golangci.yml
@ -5,7 +5,7 @@ run:
  # which causes it to fallback to go1.17 semantics.
  #
  # TODO(thaJeztah): update "usetesting" settings to enable go1.24 features once our minimum version is go1.24
-  go: "1.24.6"
+  go: "1.24.7"

  timeout: 5m

--- a/2
+++ b/2
@ -8,7 +8,7 @@ ARG BASE_VARIANT=alpine
 ARG ALPINE_VERSION=3.22
 ARG BASE_DEBIAN_DISTRO=bookworm

-ARG GO_VERSION=1.24.6
+ARG GO_VERSION=1.24.7
 ARG XX_VERSION=1.6.1
 ARG GOVERSIONINFO_VERSION=v1.4.1

--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -1,5 +1,5 @@
 variable "GO_VERSION" {
-    default = "1.24.6"
+    default = "1.24.7"
 }
 variable "VERSION" {
    default = ""
--- a/dockerfiles/Dockerfile.dev
+++ b/dockerfiles/Dockerfile.dev
@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1

-ARG GO_VERSION=1.24.6
+ARG GO_VERSION=1.24.7

 # ALPINE_VERSION sets the version of the alpine base image to use, including for the golang image.
 # It must be a supported tag in the docker.io/library/alpine image repository
--- a/dockerfiles/Dockerfile.lint
+++ b/dockerfiles/Dockerfile.lint
@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1

-ARG GO_VERSION=1.24.6
+ARG GO_VERSION=1.24.7

 # ALPINE_VERSION sets the version of the alpine base image to use, including for the golang image.
 # It must be a supported tag in the docker.io/library/alpine image repository
--- a/dockerfiles/Dockerfile.vendor
+++ b/dockerfiles/Dockerfile.vendor
@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1

-ARG GO_VERSION=1.24.6
+ARG GO_VERSION=1.24.7

 # ALPINE_VERSION sets the version of the alpine base image to use, including for the golang image.
 # It must be a supported tag in the docker.io/library/alpine image repository
--- a/e2e/testdata/Dockerfile.gencerts
+++ b/e2e/testdata/Dockerfile.gencerts
@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1

-ARG GO_VERSION=1.24.6
+ARG GO_VERSION=1.24.7

 FROM golang:${GO_VERSION}-alpine AS generated
 ENV GOTOOLCHAIN=local