From 597703b104734ac316f5286da24bf471f1c0ca74 Mon Sep 17 00:00:00 2001 From: Wilken Rivera Date: Mon, 2 Oct 2023 15:47:05 +0000 Subject: [PATCH] Bump Go tool chain to 1.20 This change was made to address a number of vulnerabilities reported by govulncheck ``` ~> govulncheck ./... Scanning your code and 599 packages across 99 dependent modules for known vulnerabilities... Vulnerability #1: GO-2023-2043 Improper handling of special tags within script contexts in html/template More info: https://pkg.go.dev/vuln/GO-2023-2043 Standard library Found in: html/template@go1.19.13 Fixed in: html/template@go1.21.1 Example traces found: #1: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.Execute #2: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.ExecuteTemplate Vulnerability #2: GO-2023-2041 Improper handling of HTML-like comments in script contexts in html/template More info: https://pkg.go.dev/vuln/GO-2023-2041 Standard library Found in: html/template@go1.19.13 Fixed in: html/template@go1.21.1 Example traces found: #1: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.Execute #2: multistep/commonsteps/step_http_server.go:123:2: commonsteps.StepHTTPServer.Run calls http.Server.Serve, which eventually calls template.Template.ExecuteTemplate Your code is affected by 2 vulnerabilities from the Go standard library. ``` --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 22440e680..af5e90bec 100644 --- a/go.mod +++ b/go.mod @@ -117,6 +117,6 @@ require ( google.golang.org/protobuf v1.28.1 // indirect ) -go 1.19 +go 1.20 retract v0.5.0 // v0.5.0 of the SDK was broken because of the replace statement for go-cty
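Review bot: The new `go 1.20` line in the go.mod hunk does not match the fix version quoted in the commit message, where govulncheck reports both GO-2023-2043 and GO-2023-2041 as found in html/template@go1.19.13 and "Fixed in: html/template@go1.21.1". Both findings are in the standard library, so they are cleared by the Go release that actually compiles the code, and the diffstat shows go.mod as the only file changed. Suggest naming in the commit message the 1.20.x release that carries the html/template fixes, if there is one, and confirming the build and CI toolchain is pinned at or above it, or else moving the directive to the 1.21 line that govulncheck names. In either case, a clean `govulncheck ./...` run from the updated toolchain would show that the traces through multistep/commonsteps/step_http_server.go:123 are gone.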