[Snyk] Security upgrade golang from 1.12.4-alpine to 1.25.1-alpine#9
[Snyk] Security upgrade golang from 1.12.4-alpine to 1.25.1-alpine#9RealTschoegl wants to merge 1 commit intomasterfrom
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE39-MUSL-458529 - https://snyk.io/vuln/SNYK-ALPINE39-MUSL-458529 - https://snyk.io/vuln/SNYK-ALPINE39-OPENSSL-1089232 - https://snyk.io/vuln/SNYK-ALPINE39-OPENSSL-1089235 - https://snyk.io/vuln/SNYK-ALPINE39-OPENSSL-588029
Upgrade the e2e Docker build base image in Dockerfile-e2e to
|
|
Please mark whether you used AI to assist coding in this PR
|
![gitstream-cm[bot]](https://avatars.githubusercontent.com/in/230441?s=60&v=4){kind=small}
There was a problem hiding this comment.
✨ PR Review
This PR upgrades Go from version 1.12.4 to 1.25.1, which is an extremely large version jump spanning over 10 major releases that could introduce significant breaking changes.
1 issues detected:
🐞 Bug - Extremely large version jumps in core runtime dependencies can introduce unexpected breaking changes.
Details: The Go version is being upgraded from 1.12.4 to 1.25.1, which spans over 10 major releases. This massive version jump could introduce breaking changes in language features, standard library APIs, module system behavior, or compilation requirements that may cause the application to fail to build or run correctly.
File:Dockerfile-e2e (1-1)
Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using. We'd love your feedback! 🚀
| @@ -1,4 +1,4 @@ | |||
| FROM golang:1.12.4-alpine | |||
| FROM golang:1.25.1-alpine | |||
There was a problem hiding this comment.
🐞 Bug - Major Version Jump: Consider upgrading Go incrementally through intermediate versions to identify and resolve compatibility issues, or thoroughly test the application with Go 1.25.1 to ensure all functionality works as expected.
| FROM golang:1.25.1-alpine | |
| FROM golang:1.21-alpine |
2 participants
Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
Dockerfile-e2eWe recommend upgrading to
golang:1.25.1-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.Vulnerabilities that will be fixed with an upgrade:
SNYK-ALPINE39-MUSL-458529
SNYK-ALPINE39-MUSL-458529
SNYK-ALPINE39-OPENSSL-1089232
SNYK-ALPINE39-OPENSSL-1089235
SNYK-ALPINE39-OPENSSL-588029
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 NULL Pointer Dereference