update to go1.22.7, go1.23.1

thaJeztah · thaJeztah · commit 19d678f732da · 2024-09-06T16:18:00.000+02:00
- https://github.com/golang/go/issues?q=milestone%3AGo1.27.7+label%3ACherryPickApproved - full diff: golang/go@go1.22.6...go1.22.7 These minor releases include 3 security fixes following the security policy: - go/parser: stack exhaustion in all Parse* functions Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. This is CVE-2024-34155 and Go issue https://go.dev/issue/69138. - encoding/gob: stack exhaustion in Decoder.Decode Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Thanks to Md Sakib Anwar of The Ohio State University for reporting this issue. This is CVE-2024-34156 and Go issue https://go.dev/issue/69139. - go/build/constraint: stack exhaustion in Parse Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. This is CVE-2024-34158 and Go issue https://go.dev/issue/69141. View the release notes for more information: https://go.dev/doc/devel/release#go1.22.7 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
diff --git a/.github/actions/install-go/action.yml b/.github/actions/install-go/action.yml
@@ -3,7 +3,7 @@ description: "Reusable action to install Go, so there is one place to bump Go ve
 inputs:
   go-version:
     required: true
-    default: "1.22.6"
+    default: "1.22.7"
     description: "Go version to install"
 
 runs:
diff --git a/.github/workflows/api-release.yml b/.github/workflows/api-release.yml
@@ -6,7 +6,7 @@ on:
 name: API Release
 
 env:
-  GO_VERSION: "1.22.6"
+  GO_VERSION: "1.22.7"
 
 permissions: # added using https://github.com/step-security/secure-workflows
   contents: read
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -192,7 +192,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-20.04, actuated-arm64-4cpu-16gb, macos-12, windows-2019, windows-2022]
-        go-version: ["1.22.6", "1.23.0"]
+        go-version: ["1.22.7", "1.23.1"]
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/install-go
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -13,7 +13,7 @@ on:
 name: Release
 
 env:
-  GO_VERSION: "1.22.6"
+  GO_VERSION: "1.22.7"
 
 permissions: # added using https://github.com/step-security/secure-workflows
   contents: read
diff --git a/Vagrantfile b/Vagrantfile
@@ -104,7 +104,7 @@ EOF
   config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
     sh.upload_path = "/tmp/vagrant-install-golang"
     sh.env = {
-        'GO_VERSION': ENV['GO_VERSION'] || "1.22.6",
+        'GO_VERSION': ENV['GO_VERSION'] || "1.22.7",
     }
     sh.inline = <<~SHELL
         #!/usr/bin/env bash
diff --git a/contrib/Dockerfile.test b/contrib/Dockerfile.test
@@ -29,7 +29,7 @@
 #   docker run --privileged containerd-test
 # ------------------------------------------------------------------------------
 
-ARG GOLANG_VERSION=1.22.6
+ARG GOLANG_VERSION=1.22.7
 ARG GOLANG_IMAGE=golang
 
 FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang
diff --git a/contrib/fuzz/oss_fuzz_build.sh b/contrib/fuzz/oss_fuzz_build.sh
@@ -43,11 +43,11 @@ go run main.go --target_dir $SRC/containerd/images
 
 apt-get update && apt-get install -y wget
 cd $SRC
-wget --quiet https://go.dev/dl/go1.22.6.linux-amd64.tar.gz
+wget --quiet https://go.dev/dl/go1.22.7.linux-amd64.tar.gz
 
 mkdir temp-go
 rm -rf /root/.go/*
-tar -C temp-go/ -xzf go1.22.6.linux-amd64.tar.gz
+tar -C temp-go/ -xzf go1.22.7.linux-amd64.tar.gz
 mv temp-go/go/* /root/.go/
 cd $SRC/containerd
 
diff --git a/script/setup/prepare_env_windows.ps1 b/script/setup/prepare_env_windows.ps1
@@ -5,7 +5,7 @@
 # lived test environment.
 Set-MpPreference -DisableRealtimeMonitoring:$true
 
-$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.22.6"; make = ""; nssm = "" }
+$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.22.7"; make = ""; nssm = "" }
 
 Write-Host "Downloading chocolatey package"
 curl.exe -L "https://packages.chocolatey.org/chocolatey.0.10.15.nupkg" -o 'c:\choco.zip'

Original file line number	Diff line number	Diff line change
`@@ -104,7 +104,7 @@ EOF`
`104`	`104`	`config.vm.provision "install-golang", type: "shell", run: "once" do \|sh\|`
`105`	`105`	`sh.upload_path = "/tmp/vagrant-install-golang"`
`106`	`106`	`sh.env = {`
`107`		`- 'GO_VERSION': ENV['GO_VERSION'] \|\| "1.22.6",`
	`107`	`+ 'GO_VERSION': ENV['GO_VERSION'] \|\| "1.22.7",`
`108`	`108`	`}`
`109`	`109`	`sh.inline = <<~SHELL`
`110`	`110`	`#!/usr/bin/env bash`