TT-14244: [release-5.3] Bump go, set godebug for compatibility #6913

titpetric · 2025-03-02T07:58:13Z

User description

https://tyktech.atlassian.net/browse/TT-14244

PR Type

Enhancement

Description

Bump Go version to 1.23.6.
Add multiple godebug flags.
Enhance TLS and x509 debug compatibility.

Changes walkthrough 📝

Relevant files

Enhancement

go.mod `Upgrade Go version and insert godebug flags.` go.mod Upgraded Go version from 1.23.4 to 1.23.6. Added godebug flag for tls10server. Added godebug flag for tls3des. Added godebug flag for tlsrsakex. Added godebug flag for tlsunsafeekm. Added godebug flag for x509keypairleaf. Added godebug flag for x509negativeserial.	+13/-1

Need help?
Type /help how to ... in the comments thread for any questions about PR-Agent usage.
Check out the documentation for more information.

github-actions · 2025-03-02T07:58:58Z

API Changes

no api changes detected

github-actions · 2025-03-02T07:59:03Z

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review Compatibility Check Confirm that the upgrade to Go 1.23.6 and the addition of multiple godebug flags do not conflict with existing dependency requirements or runtime compatibility. module github.com/TykTechnologies/tyk go 1.23.6 godebug tls10server=1 godebug tls3des=1 godebug tlsrsakex=1 godebug tlsunsafeekm=1 godebug x509keypairleaf=0 godebug x509negativeserial=1

github-actions · 2025-03-02T07:59:20Z

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Security	Remove insecure TLS debug flags Review and remove or conditionally enable the insecure TLS debugging flags to prevent potential security vulnerabilities in production. go.mod [5-15] -godebug tls10server=1 -godebug tls3des=1 -godebug tlsrsakex=1 -godebug tlsunsafeekm=1 -godebug x509keypairleaf=0 -godebug x509negativeserial=1 +# Consider removing these flags or enabling them only for testing environments to enhance security. Suggestion importance[1-10]: 7 __ Why: The suggestion rightly highlights potential production security issues by flagging insecure TLS debugging options, though it only provides a comment rather than a concrete code change.	Medium

sonarqubecloud · 2025-03-02T08:14:05Z

Quality Gate failed

Failed conditions
6 Security Hotspots
75.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

Bump go, set godebug for compatibility

dad5718

buger added Task Tyk Product Development labels Mar 2, 2025

github-actions bot added the Review effort 2/5 label Mar 2, 2025

titpetric changed the title ~~TT-14244: Bump go, set godebug for compatibility~~ TT-14244: [release-5.3] Bump go, set godebug for compatibility Mar 2, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TT-14244: [release-5.3] Bump go, set godebug for compatibility #6913

TT-14244: [release-5.3] Bump go, set godebug for compatibility #6913

titpetric commented Mar 2, 2025 •

edited by github-actions bot

Loading

github-actions bot commented Mar 2, 2025

github-actions bot commented Mar 2, 2025

github-actions bot commented Mar 2, 2025

sonarqubecloud bot commented Mar 2, 2025

TT-14244: [release-5.3] Bump go, set godebug for compatibility #6913

Are you sure you want to change the base?

TT-14244: [release-5.3] Bump go, set godebug for compatibility #6913

Conversation

titpetric commented Mar 2, 2025 • edited by github-actions bot Loading

User description

PR Type

Description

Changes walkthrough 📝

github-actions bot commented Mar 2, 2025

github-actions bot commented Mar 2, 2025

PR Reviewer Guide 🔍

github-actions bot commented Mar 2, 2025

PR Code Suggestions ✨

sonarqubecloud bot commented Mar 2, 2025

Quality Gate failed

titpetric commented Mar 2, 2025 •

edited by github-actions bot

Loading