Backport of [NET-4865] security: Update Go version to 1.20.6 into release/1.15.x #18194
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This PR is auto-generated from #18190 to be assessed for backporting due to the inclusion of the label backport/1.15.
The below text is copied from the body of the original PR.
This resolves CVE-2023-29406 for uses of the
net/http
standard library.Note that until the follow-up to #18124 is done, the version of Go used in those impacted tests will need to remain on 1.20.5.
See related PR for
golang.org/x/net
dependencies: #18186Description
Resolves CVE and brings us up to the latest version of Go.
Testing & Reproduction steps
Tests should continue to pass.
Links
https://nvd.nist.gov/vuln/detail/CVE-2023-29406
https://go-review.googlesource.com/c/go/+/506996
https://go-review.googlesource.com/c/net/+/506995
PR Checklist
Overview of commits