
[Snyk] Security upgrade golang from 1.24 to 1.26.4 #1507

Open
c-warren wants to merge 1 commit into master from snyk-fix-b12173af57972aa615a6cc5d797df68f


c-warren (Contributor) commented Jun 3, 2026

Snyk has created this PR to fix 3 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • docker/github_actions/Dockerfile

We recommend upgrading to golang:1.26.4, as this image has only 162 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Score |
|----------|-------|-------|
| critical | Integer Underflow (SNYK-DEBIAN13-GNUTLS28-16344314) | 714 |
| critical | CVE-2026-42010 (SNYK-DEBIAN13-GNUTLS28-16344357) | 714 |
| critical | CVE-2026-31789 (SNYK-DEBIAN13-OPENSSL-15969301) | 714 |
| critical | CVE-2026-31789 (SNYK-DEBIAN13-OPENSSL-15969301) | 714 |
| critical | CVE-2026-31789 (SNYK-DEBIAN13-OPENSSL-15969301) | 714 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


codecov Bot commented Jun 3, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.83%. Comparing base (7275259) to head (a7e4022).

❌ Your project check has failed because the head coverage (84.83%) is below the target coverage (85.00%). You can increase the head coverage or adjust the target coverage.
see 1 file with indirect coverage changes



gitar-bot Bot commented Jun 3, 2026

CI failed: The CI failed due to a missing conventional commit prefix in the PR title, failures in unit tests within the /internal/ package, and build errors triggered by uncommitted changes in auto-generated files like mocks.

Overview

Multiple distinct failure patterns were identified, including configuration errors in the PR metadata, build failures due to environment-induced code generation diffs, and unit test regressions in the internal package.

Failures

PR Title Validation Error (confidence: high)

  • Type: configuration
  • Affected jobs: N/A (CI workflow triggered)
  • Related to change: yes
  • Root cause: The pull request title does not contain a valid conventional commit prefix (e.g., 'chore:', 'feat:', 'fix:').
  • Suggested fix: Rename the PR title to conform to conventional commits (e.g., "chore: [Snyk] Security upgrade golang from 1.24 to 1.26.4").

Build Failure: Uncommitted Generated Files (confidence: high)

  • Type: build
  • Affected jobs: 79267418427, 79267425688
  • Related to change: yes
  • Root cause: scripts/golint.sh detects uncommitted changes to generated files (mocks, thrift code) after make build executes in the CI environment.
  • Suggested fix: Run make build locally to update all generated artifacts and commit the resulting changes to the branch before pushing.

Unit Test Failures in /internal/ (confidence: medium)

  • Type: test
  • Affected jobs: 79267418461
  • Related to change: yes
  • Root cause: Regressions in the /internal/ package unit tests, likely exacerbated by the Go 1.26.4 upgrade and potential race conditions in log synchronization handled by testlogger.go.
  • Suggested fix: Run go test -v ./internal/ locally to isolate the failing tests and verify that the testlogger logic remains compatible with the Go 1.26+ concurrency model.

Summary

  • Change-related failures: 3 (PR title format, build-time generated code diffs, and unit test regressions).
  • Infrastructure/flaky failures: 0.
  • Recommended action: Update the PR title first to allow the pipeline to proceed. Then, synchronize all generated files locally by running make build, commit those changes, and investigate the specific failures in the internal package tests.

Code Review ✅ Approved

Upgrades the Go base image from 1.24 to 1.26.4 in the Dockerfile to address critical security vulnerabilities in GnuTLS and OpenSSL. No issues found.

