2023-11-09 14:17:14 -05:00
# Bump Go version
2024-05-08 05:34:31 -04:00
2023-11-09 14:17:14 -05:00
`govulncheck` from the bazel `check` target will fail if our code is vulnerable, which is often the case when a patch version was released with security fixes.
## Steps
2024-06-05 04:27:39 -04:00
Replace `"1.xx.x"` with the new version in [MODULE.bazel ](/MODULE.bazel ):
2023-11-09 14:17:14 -05:00
2024-01-05 05:52:22 -05:00
```starlark
2024-05-22 04:49:00 -04:00
go_sdk = use_extension("@io_bazel_rules_go//go:extensions.bzl", "go_sdk")
go_sdk.download(
2024-05-08 05:34:31 -04:00
name = "go_sdk",
patches = ["//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch"],
version = "1.xx.x", < --- Replace this one
~~~~~~~~
)
2024-01-05 05:52:22 -05:00
```
2024-06-05 04:27:39 -04:00
Replace `go-version: "1.xx.x"` with the new version in all GitHub actions and workflows.
You can use the following command to find replace all instances of `go-version: "1.xx.x"` in the `.github` directory:
```bash
OLD_VERSION="1.xx.x"
NEW_VERSION="1.xx.y"
find .github -type f -exec sed -i "s/go-version: \"${OLD_VERSION}\"/go-version: \"${NEW_VERSION}\"/g" {} \;
2024-07-03 03:49:37 -04:00
sed -i "s/go ${OLD_VERSION}/go ${NEW_VERSION}/g" go.mod
sed -i "s/${OLD_VERSION}/${NEW_VERSION}/g" go.work
2024-06-05 04:27:39 -04:00
```
Or manually:
```yaml
- name: Setup Go environment
uses: actions/setup-go@v5
with:
go-version: "1.xx.x" < --- Replace this one
~~~~~~~~
```