diff --git a/.changelog/22132.txt b/.changelog/22132.txt new file mode 100644 index 000000000000..df6c65d1c66f --- /dev/null +++ b/.changelog/22132.txt @@ -0,0 +1,4 @@ +```release-note:security +Upgrade Go to use v1.22.12 and bump Go X-Repositories to latest. This addresses CVE +[CVE-2025-22866](https://nvd.nist.gov/vuln/detail/CVE-2025-22866) +``` diff --git a/.go-version b/.go-version index 3dfc2ecf954d..2560439f071b 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.11 +1.22.12 diff --git a/agent/consul/state/txn.go b/agent/consul/state/txn.go index 66cc4bb33d40..543a5d8e9dc4 100644 --- a/agent/consul/state/txn.go +++ b/agent/consul/state/txn.go @@ -28,7 +28,7 @@ func (s *Store) txnKVS(tx WriteTxn, idx uint64, op *structs.TxnKVOp) (structs.Tx var entry *structs.DirEntry var err error - // enumcover: api.KVOp + // enumcover:api.KVOp switch op.Verb { case api.KVSet: entry = &op.DirEnt @@ -137,7 +137,7 @@ func (s *Store) txnKVS(tx WriteTxn, idx uint64, op *structs.TxnKVOp) (structs.Tx func txnSession(tx WriteTxn, idx uint64, op *structs.TxnSessionOp) error { var err error - // enumcover: api.SessionOp + // enumcover:api.SessionOp switch op.Verb { case api.SessionDelete: err = sessionDeleteWithSession(tx, &op.Session, idx) diff --git a/agent/consul/txn_endpoint.go b/agent/consul/txn_endpoint.go index e704c9a2eda1..d8150b371fa0 100644 --- a/agent/consul/txn_endpoint.go +++ b/agent/consul/txn_endpoint.go @@ -268,7 +268,7 @@ func (t *Txn) Read(args *structs.TxnReadRequest, reply *structs.TxnReadResponse) // nodeVerbValidate checks for a known operation type. For certain operations, // it also indicated if further "preApply" checks are required. func nodeVerbValidate(op api.NodeOp) (bool, error) { - // enumcover: api.NodeOp + // enumcover:api.NodeOp switch op { // Skip the pre-apply checks if this is a GET. case api.NodeGet: @@ -283,7 +283,7 @@ func nodeVerbValidate(op api.NodeOp) (bool, error) { // serviceVerbValidate checks for a known operation type. For certain operations, // it also indicated if further "preApply" checks are required. func serviceVerbValidate(op api.ServiceOp) (bool, error) { - // enumcover: api.ServiceOp + // enumcover:api.ServiceOp switch op { // Skip the pre-apply checks if this is a GET. case api.ServiceGet: @@ -298,7 +298,7 @@ func serviceVerbValidate(op api.ServiceOp) (bool, error) { // checkVerbValidate checks for a known operation type. For certain operations, // it also indicated if further "preApply" checks are required. func checkVerbValidate(op api.CheckOp) (bool, error) { - // enumcover: api.CheckOp + // enumcover:api.CheckOp switch op { // Skip the pre-apply checks if this is a GET. case api.CheckGet: @@ -312,7 +312,7 @@ func checkVerbValidate(op api.CheckOp) (bool, error) { // intentionVerbValidate checks for a known operation type. func intentionVerbValidate(op structs.IntentionOp) error { - // enumcover: structs.IntentionOp + // enumcover:structs.IntentionOp switch op { case structs.IntentionOpCreate, structs.IntentionOpDelete, structs.IntentionOpUpdate, structs.IntentionOpDeleteAll, structs.IntentionOpUpsert: return nil @@ -323,7 +323,7 @@ func intentionVerbValidate(op structs.IntentionOp) error { // sessionVerbValidate checks for a known operation type. func sessionVerbValidate(op api.SessionOp) error { - // enumcover: api.SessionOp + // enumcover:api.SessionOp switch op { case api.SessionDelete: return nil diff --git a/api/go.mod b/api/go.mod index c95b5a1f5239..28847d4876ea 100644 --- a/api/go.mod +++ b/api/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/consul/api -go 1.22.11 +go 1.22.12 replace github.com/hashicorp/consul/sdk => ../sdk diff --git a/envoyextensions/go.mod b/envoyextensions/go.mod index 0532049efe8f..88aeb3a794c6 100644 --- a/envoyextensions/go.mod +++ b/envoyextensions/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/consul/envoyextensions -go 1.22.11 +go 1.22.12 replace ( github.com/hashicorp/consul/api => ../api diff --git a/go.mod b/go.mod index 989ebfefa717..c751e3c8ec46 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/consul -go 1.22.11 +go 1.22.12 replace ( github.com/hashicorp/consul/api => ./api diff --git a/internal/tools/proto-gen-rpc-glue/e2e/consul/go.mod b/internal/tools/proto-gen-rpc-glue/e2e/consul/go.mod index 1dc5fd08b55c..f4a9ed8e0e7b 100644 --- a/internal/tools/proto-gen-rpc-glue/e2e/consul/go.mod +++ b/internal/tools/proto-gen-rpc-glue/e2e/consul/go.mod @@ -1,5 +1,5 @@ module github.com/hashicorp/consul -go 1.22.11 +go 1.22.12 require google.golang.org/protobuf v1.28.1 diff --git a/internal/tools/proto-gen-rpc-glue/e2e/go.mod b/internal/tools/proto-gen-rpc-glue/e2e/go.mod index f65e23e0f4f4..5b285a9ff076 100644 --- a/internal/tools/proto-gen-rpc-glue/e2e/go.mod +++ b/internal/tools/proto-gen-rpc-glue/e2e/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/consul/internal/tools/proto-gen-rpc-glue/e2e -go 1.22.11 +go 1.22.12 replace github.com/hashicorp/consul => ./consul diff --git a/internal/tools/proto-gen-rpc-glue/go.mod b/internal/tools/proto-gen-rpc-glue/go.mod index 91016e251457..49d7fa58fdbf 100644 --- a/internal/tools/proto-gen-rpc-glue/go.mod +++ b/internal/tools/proto-gen-rpc-glue/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/consul/internal/tools/proto-gen-rpc-glue -go 1.22.11 +go 1.22.12 require github.com/stretchr/testify v1.8.4 diff --git a/internal/tools/protoc-gen-consul-rate-limit/go.mod b/internal/tools/protoc-gen-consul-rate-limit/go.mod index 08344dd8184b..7dfdbee14068 100644 --- a/internal/tools/protoc-gen-consul-rate-limit/go.mod +++ b/internal/tools/protoc-gen-consul-rate-limit/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/consul/internal/tools/protoc-gen-consul-rate-limit -go 1.22.11 +go 1.22.12 replace github.com/hashicorp/consul/proto-public => ../../../proto-public diff --git a/proto-public/go.mod b/proto-public/go.mod index c7f8c7a7eb46..238b1d809029 100644 --- a/proto-public/go.mod +++ b/proto-public/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/consul/proto-public -go 1.22.11 +go 1.22.12 require ( google.golang.org/grpc v1.56.3 diff --git a/sdk/go.mod b/sdk/go.mod index 2b65da42c411..f8c15106c3bd 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/consul/sdk -go 1.22.11 +go 1.22.12 require ( github.com/hashicorp/go-cleanhttp v0.5.2 diff --git a/test-integ/go.mod b/test-integ/go.mod index 88460131a4a6..9de5c0f42c5f 100644 --- a/test-integ/go.mod +++ b/test-integ/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/consul/test-integ -go 1.22.11 +go 1.22.12 require ( github.com/google/go-cmp v0.6.0 diff --git a/test/integration/connect/envoy/test-sds-server/go.mod b/test/integration/connect/envoy/test-sds-server/go.mod index 06ed2b69b258..f7133bc77d6a 100644 --- a/test/integration/connect/envoy/test-sds-server/go.mod +++ b/test/integration/connect/envoy/test-sds-server/go.mod @@ -1,6 +1,6 @@ module test-sds-server -go 1.22.11 +go 1.22.12 require ( github.com/envoyproxy/go-control-plane v0.12.0 diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod index 4a40ec716d4c..5dbc44b4a462 100644 --- a/test/integration/consul-container/go.mod +++ b/test/integration/consul-container/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/consul/test/integration/consul-container -go 1.22.11 +go 1.22.12 require ( fortio.org/fortio v1.54.0 diff --git a/testing/deployer/go.mod b/testing/deployer/go.mod index 04de582c1fa7..93b962431782 100644 --- a/testing/deployer/go.mod +++ b/testing/deployer/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/consul/testing/deployer -go 1.22.11 +go 1.22.12 require ( github.com/avast/retry-go v3.0.0+incompatible diff --git a/troubleshoot/go.mod b/troubleshoot/go.mod index 4e6ff9ef9f20..444064b01d6f 100644 --- a/troubleshoot/go.mod +++ b/troubleshoot/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/consul/troubleshoot -go 1.22.11 +go 1.22.12 replace ( github.com/hashicorp/consul/api => ../api