go: Bump to 1.22.3 for non-FIPS image (!802) · Merge requests · GitLab.org / gitlab-build-images

James Liu requested to merge jamesliu-gitlab-master-patch-78048 into master May 08, 2024

What does this MR do and why?

Go 1.22.2 appears to have a vulnerability in the standard library which causes govulncheck to fail. See https://gitlab.com/gitlab-org/gitaly/-/jobs/6802703640 as an example.

Bump the non-FIPS version of Go 1.22 to 1.22.3, which has a fix for the issue. There is currently no FIPS fork of 1.22.3 yet, so leave the version as-is.

Checklist

(If applicable) Add patches if required for upgrading Ruby version in https://gitlab.com/gitlab-org/gitlab-build-images/-/tree/master/patches/ruby.

go: Bump to 1.22.3 for non-FIPS image

What does this MR do and why?

Checklist

Merge request reports