How do I update golang standard library in my go application?

huangapple go评论83阅读模式
英文:

How do I update golang standard library in my go application?

问题

我有一个使用go 1.16.4构建的应用程序,它使用Go标准库的archive/zip组件(导入)。我查看了golang发布说明,发现在golang 1.16.5中修复了archive/zip的安全漏洞。我如何确保我的应用程序不再存在漏洞?我必须升级go本身的版本,然后使用新版本的go重新构建吗?还是我可以将修复后的组件的新版本放入vendor目录,然后重新构建?构建机器的$GOROOT目录中的文件必须更新吗?

英文:

I have an application that was built with go 1.16.4, which uses (imports) the archive/zip component of the Go std lib. I took a look at the golang Release Notes and see that a security vulnerability has been fixed in archive/zip in golang 1.16.5. How do I ensure that my application is no longer vulnerable? Must I upgrade my version of go itself, and then rebuild with that new version of go? Or could I vendor the newer version of the fixed component then rebuild? Must the files in the build machine's $GOROOT be updated?

答案1

得分: 1

> 我必须升级我的 go 版本,然后使用新版本的 go 重新构建吗?

是的...

  1. 升级 Go。
  2. 重新构建。

> 或者我可以将修复的组件的新版本放入 vendor 目录,然后重新构建吗?

不可以,你不能将 Go 标准库放入 vendor 目录。

> 构建机器的 $GOROOT 目录中的文件必须更新吗?

GOROOT 是 Go SDK 安装的根目录。当你在机器(或容器)上升级 Go(调用 go build/go install)时,它会被更新。

英文:

> Must I upgrade my version of go itself, and then rebuild with that new version of go?

Yes...

  1. Upgrade Go.
  2. Rebuild.

> Or could I vendor the newer version of the fixed component then rebuild?

No, you can't vendor the Go standard library.

> Must the files in the build machine's $GOROOT be updated?

GOROOT is the root folder of the Go SDK installation. It is updated when you upgrade Go on the machine (or container) that invokes go build/go install.

huangapple
  • 本文由 发表于 2021年7月28日 05:45:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/68552103.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定