From bd97bfe076be42b876dee4b0f4523084b4d20bb7 Mon Sep 17 00:00:00 2001 From: Mauro Antonio Sanz Date: Tue, 9 Dec 2025 12:19:23 -0300 Subject: [PATCH 1/3] bump versions --- CHANGES.txt | 11 +++++++++++ docker/Dockerfile.proxy | 4 ++-- docker/Dockerfile.synchronizer | 4 ++-- go.mod | 14 +++++++------- go.sum | 24 ++++++++++++------------ splitio/version.go | 2 +- 6 files changed, 35 insertions(+), 24 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index d0c35e62..c7991f90 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,14 @@ +5.11.1 (Dec 9, 2025) +- Fixed vulnerabilities: + - Updated golang image to 1.24.11 + - Updated debian image to 13.2 + - Updated golang.org/x/arch to v0.23.0 + - Updated golang.org/x/crypto to v0.46.0 + - Updated golang.org/x/net to v0.48.0 + - Updated golang.org/x/sync to v0.19.0 + - Updated golang.org/x/sys to v0.39.0 + - Updated golang.org/x/text to v0.32.0 + 5.11.0 (Nov 12, 2025) - Split Proxy: - Added support for rule-based segment. These segments determine membership at runtime by evaluating their configured rules against the user attributes provided to the SDK. diff --git a/docker/Dockerfile.proxy b/docker/Dockerfile.proxy index 024ee397..7a264759 100644 --- a/docker/Dockerfile.proxy +++ b/docker/Dockerfile.proxy @@ -1,5 +1,5 @@ # Build stage -FROM golang:1.24.9-bookworm AS builder +FROM golang:1.24.11-bookworm AS builder ARG EXTRA_BUILD_ARGS ARG FIPS_MODE @@ -17,7 +17,7 @@ RUN bash -c 'if [[ "${FIPS_MODE}" = "enabled" ]]; \ fi' # Runner stage -FROM debian:13.1 AS runner +FROM debian:13.2 AS runner RUN apt update -y RUN apt install -y bash ca-certificates diff --git a/docker/Dockerfile.synchronizer b/docker/Dockerfile.synchronizer index 5d60edff..ccb33c71 100644 --- a/docker/Dockerfile.synchronizer +++ b/docker/Dockerfile.synchronizer @@ -1,5 +1,5 @@ # Build stage -FROM golang:1.24.9-bookworm AS builder +FROM golang:1.24.11-bookworm AS builder ARG EXTRA_BUILD_ARGS ARG FIPS_MODE @@ -18,7 +18,7 @@ RUN bash -c 'if [[ "${FIPS_MODE}" = "enabled" ]]; \ fi' # Runner stage -FROM debian:13.1 AS runner +FROM debian:13.2 AS runner RUN apt update -y RUN apt install -y bash ca-certificates diff --git a/go.mod b/go.mod index 8c2d34de..a21ea10e 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/splitio/split-synchronizer/v5 -go 1.24.7 +go 1.24.11 require ( github.com/gin-contrib/cors v1.6.0 @@ -44,12 +44,12 @@ require ( github.com/stretchr/objx v0.5.2 // indirect github.com/twitchyliquid64/golang-asm v0.15.1 // indirect github.com/ugorji/go/codec v1.3.0 // indirect - golang.org/x/arch v0.20.0 // indirect - golang.org/x/crypto v0.41.0 // indirect - golang.org/x/net v0.43.0 // indirect - golang.org/x/sync v0.16.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/text v0.28.0 // indirect + golang.org/x/arch v0.23.0 // indirect + golang.org/x/crypto v0.46.0 // indirect + golang.org/x/net v0.48.0 // indirect + golang.org/x/sync v0.19.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/text v0.32.0 // indirect google.golang.org/protobuf v1.36.8 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 0827631c..c5bcbc9d 100644 --- a/go.sum +++ b/go.sum @@ -97,22 +97,22 @@ github.com/ugorji/go/codec v1.3.0 h1:Qd2W2sQawAfG8XSvzwhBeoGq71zXOC/Q1E9y/wUcsUA github.com/ugorji/go/codec v1.3.0/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4= go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= -golang.org/x/arch v0.20.0 h1:dx1zTU0MAE98U+TQ8BLl7XsJbgze2WnNKF/8tGp/Q6c= -golang.org/x/arch v0.20.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= +golang.org/x/arch v0.23.0 h1:lKF64A2jF6Zd8L0knGltUnegD62JMFBiCPBmQpToHhg= +golang.org/x/arch v0.23.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A= +golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= +golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/splitio/version.go b/splitio/version.go index 3bd5557e..9a436d33 100644 --- a/splitio/version.go +++ b/splitio/version.go @@ -2,4 +2,4 @@ package splitio // Version is the version of this Agent -const Version = "5.11.0" +const Version = "5.11.1" From b6d4916fc44fd499c21989df6a9206ded6f2207a Mon Sep 17 00:00:00 2001 From: Mauro Sanz <51236193+sanzmauro@users.noreply.github.com> Date: Wed, 10 Dec 2025 12:05:20 -0300 Subject: [PATCH 2/3] Update CHANGES.txt Co-authored-by: gthea --- CHANGES.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index c7991f90..eb88519c 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -2,12 +2,12 @@ - Fixed vulnerabilities: - Updated golang image to 1.24.11 - Updated debian image to 13.2 - - Updated golang.org/x/arch to v0.23.0 - - Updated golang.org/x/crypto to v0.46.0 - - Updated golang.org/x/net to v0.48.0 - - Updated golang.org/x/sync to v0.19.0 - - Updated golang.org/x/sys to v0.39.0 - - Updated golang.org/x/text to v0.32.0 + - Updated golang.org/x/arch to 0.23.0 + - Updated golang.org/x/crypto to 0.46.0 + - Updated golang.org/x/net to 0.48.0 + - Updated golang.org/x/sync to 0.19.0 + - Updated golang.org/x/sys to 0.39.0 + - Updated golang.org/x/text to 0.32.0 5.11.0 (Nov 12, 2025) - Split Proxy: From 54b95ea614fb0df91ebea2f226e997b6fe7b0758 Mon Sep 17 00:00:00 2001 From: Mauro Antonio Sanz Date: Tue, 16 Dec 2025 14:07:33 -0300 Subject: [PATCH 3/3] update date --- CHANGES.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES.txt b/CHANGES.txt index c7991f90..53594186 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,4 @@ -5.11.1 (Dec 9, 2025) +5.11.1 (Dec 16, 2025) - Fixed vulnerabilities: - Updated golang image to 1.24.11 - Updated debian image to 13.2