Skip to content

brokers: Bump Go toolchain version to 1.24.12 #1233

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
adombeck merged 1 commit into from
Feb 2, 2026
Merged

brokers: Bump Go toolchain version to 1.24.12 #1233

adombeck merged 1 commit into from
Feb 2, 2026
+2 −2

Conversation

@adombeck
Copy link
Contributor

@adombeck adombeck commented Jan 31, 2026

govulncheck reports the following vulnerabilities in go1.24.11

Vulnerability #1: GO-2026-4341
    Memory exhaustion in query parameter parsing in net/url
  More info: https://pkg.go.dev/vuln/GO-2026-4341
  Standard library
    Found in: net/[email protected]
    Fixed in: net/[email protected]
    Example traces found:
Error:       #1: internal/broker/broker.go:482:51: broker.Broker.generateUILayout calls oauth2.Config.DeviceAuth, which eventually calls url.ParseQuery
Error:       #2: internal/providers/msentraid/msmock_test.go:175:18: msentraid_test.mockMSServer.handleAuthorizeRequest calls url.URL.Query

Vulnerability #2: GO-2026-4340
    Handshake messages may be processed at the incorrect encryption level in
    crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2026-4340
  Standard library
    Found in: crypto/[email protected]
    Fixed in: crypto/[email protected]
    Example traces found:
Error:       #1: internal/testutils/provider.go:104:14: testutils.StartMockProviderServer calls httptest.Server.Start, which eventually calls tls.Conn.HandshakeContext
Error:       #2: cmd/authd-oidc/daemon/daemon_test.go:211:18: daemon_test.TestAppCanSigHupWithoutExecute calls io.Copy, which eventually calls tls.Conn.Read
Error:       #3: cmd/authd-oidc/daemon/daemon_test.go:399:14: daemon_test.TestMain calls fmt.Fprintf, which calls tls.Conn.Write
Error:       #4: internal/broker/broker.go:482:51: broker.Broker.generateUILayout calls oauth2.Config.DeviceAuth, which eventually calls tls.Dialer.DialContext

@adombeck
brokers: Bump Go toolchain version to 1.24.12
e2a6329 
govulncheck reports the following vulnerabilities in go1.24.11

Vulnerability #1: GO-2026-4341
    Memory exhaustion in query parameter parsing in net/url
  More info: https://pkg.go.dev/vuln/GO-2026-4341
  Standard library
    Found in: net/[email protected]
    Fixed in: net/[email protected]
    Example traces found:
Error:       #1: internal/broker/broker.go:482:51: broker.Broker.generateUILayout calls oauth2.Config.DeviceAuth, which eventually calls url.ParseQuery
Error:       #2: internal/providers/msentraid/msmock_test.go:175:18: msentraid_test.mockMSServer.handleAuthorizeRequest calls url.URL.Query

Vulnerability #2: GO-2026-4340
    Handshake messages may be processed at the incorrect encryption level in
    crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2026-4340
  Standard library
    Found in: crypto/[email protected]
    Fixed in: crypto/[email protected]
    Example traces found:
Error:       #1: internal/testutils/provider.go:104:14: testutils.StartMockProviderServer calls httptest.Server.Start, which eventually calls tls.Conn.HandshakeContext
Error:       #2: cmd/authd-oidc/daemon/daemon_test.go:211:18: daemon_test.TestAppCanSigHupWithoutExecute calls io.Copy, which eventually calls tls.Conn.Read
Error:       #3: cmd/authd-oidc/daemon/daemon_test.go:399:14: daemon_test.TestMain calls fmt.Fprintf, which calls tls.Conn.Write
Error:       #4: internal/broker/broker.go:482:51: broker.Broker.generateUILayout calls oauth2.Config.DeviceAuth, which eventually calls tls.Dialer.DialContext
@codecov
Copy link

codecov bot commented Jan 31, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.57%. Comparing base (43be129) to head (e2a6329).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1233      +/-   ##
==========================================
- Coverage   87.61%   80.57%   -7.04%     
==========================================
  Files          91       20      -71     
  Lines        6231      978    -5253     
  Branches      111        0     -111     
==========================================
- Hits         5459      788    -4671     
+ Misses        716      190     -526     
+ Partials       56        0      -56

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@adombeck adombeck marked this pull request as ready for review January 31, 2026 00:42
@adombeck adombeck merged commit 4122d7a into main Feb 2, 2026
8 of 9 checks passed
@adombeck adombeck deleted the brokers-go-1.24.12 branch February 2, 2026 12:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@denisonbarbosa denisonbarbosa denisonbarbosa approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@adombeck @denisonbarbosa