Skip to content

Commit

Permalink
fix(snap): build snap with Go 1.22 to fix CVE-2024-24790 (#448)
Browse files Browse the repository at this point in the history 
Although not shown in the CI (because Trivy is being run with `trivy
fs`, which [doesn't consider the Pebble
binary](https://aquasecurity.github.io/trivy/v0.24.4/vulnerability/detection/language/)),
there currently is a reported CVE in the Pebble snap (CVE-2024-24790).

This CVE seems to have been fixed on newer versions of Go, but we are
still using Go 1.20 to build the Pebble snap.

This PR bumps this build dependency to Go 1.22.
  • Loading branch information
@cjdcordeiro @benhoyt
cjdcordeiro authored and benhoyt committed Jul 15, 2024
1 parent 128e537 commit 8a0287b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion snap/snapcraft.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ parts:
plugin: go
source: .
build-snaps:
- go/1.20/stable
- go/1.22/stable
override-build: |
go generate ./cmd
CGO_ENABLED=0 go build -trimpath -ldflags=-w -ldflags=-s -o $CRAFT_PART_INSTALL/bin/pebble ./cmd/pebble
Expand Down

0 comments on commit 8a0287b

Please sign in to comment.