Backport of Upgrade to go 1.21.8 into release/1.4.x #3753

hc-github-team-consul-core · 2024-03-14T22:46:52Z

Backport

This PR is auto-generated from #3741 to be assessed for backporting due to the inclusion of the label backport/1.4.x.

The below text is copied from the body of the original PR.

Upgrade to use Go 1.21.8. This resolves CVEs
CVE-2024-24783 (crypto/x509). CVE-2023-45290 (net/http). CVE-2023-45289 (net/http, net/http/cookiejar). CVE-2024-24785 (html/template). CVE-2024-24784 (net/mail).

Update the Consul Build Go base image to alpine3.19. This resolves CVEs CVE-2023-52425 CVE-2023-52426⁠

Overview of commits

Chris S. Kim added 2 commits March 14, 2024 14:18

backport of commit a860f16

8c34232

backport of commit 8174632

06af090

hc-github-team-consul-core force-pushed the backport/goversion/abnormally-calm-pika branch from dc5f1e9 to 06af090 Compare March 14, 2024 22:46

hc-github-team-consul-core assigned kisunji Mar 14, 2024

hc-github-team-consul-core enabled auto-merge (squash) March 14, 2024 22:46

hc-github-team-consul-core requested a review from kisunji March 14, 2024 22:46

kisunji approved these changes Mar 18, 2024

View reviewed changes

hc-github-team-consul-core merged commit 9fa62c5 into release/1.4.x Mar 18, 2024
47 of 49 checks passed

hc-github-team-consul-core deleted the backport/goversion/abnormally-calm-pika branch March 18, 2024 15:13