Dependency update - Golang 1.15.7

[justaugustus]

Tracking info

Golang 1.15.7 is a security release scheduled to come out on 1/19.
@kubernetes/release-engineering
/assign @ameukam @cpanato
cc: @RobertKielty

Link to any previous tracking issue:

Golang mailing list announcement: https://groups.google.com/g/golang-announce/c/KvrRblbXp_w, https://groups.google.com/g/golang-announce/c/mperVMGa98w

SIG Release Slack thread: https://kubernetes.slack.com/archives/C2C40FMNF/p1610736817029800

Work items for gox.y.z

• kube-cross image update: Build images using Go 1.15.7 #1857

  • image promotion: releng: Promote kube-cross:v1.15.7-2 k8s.io#1562

• go-runner image update: Build images using Go 1.15.7 #1857

  • image promotion: releng: Promote go-runner:buster-v2.2.4 k8s.io#1575

• vulndash image update: Build images using Go 1.15.7 #1857

  • image promotion: releng: Promote vulndash:v0.4.3-1 k8s.io#1563

• releng-ci image update: Build images using Go 1.15.7 #1857

  • image promotion: releng: Promote releng-ci:v0.1.3 k8s.io#1564

During kube-cross image promotion

• kubernetes/repo-infra update: Update bazel_toolchains to 3.7.2 repo-infra#223

• kubernetes/repo-infra release cut: Not needed the latest release https://github.com/kubernetes/repo-infra/releases/tag/v0.2.0 have the support the go 1.15.7 (https://kubernetes.slack.com/archives/C2C40FMNF/p1611575704030800?thread_ts=1610736817.029800&cid=C2C40FMNF)

After kube-cross image promotion

• kubernetes/kubernetes update (master): [go1.15] Update to go1.15.7 kubernetes#98363

  Ensure the following have been updated within the PR:

  - [ ] rules_go

  • kube-cross image
  • go-runner image
  • publishing bot rules

After kubernetes/kubernetes has been updated

• k8s-cloud-builder image update: Update k8s-cloud-builder to v1.15.7-2 and k8s-ci-builder to 1.15.7 #1876

• k8s-ci-builder image variants update: Update k8s-cloud-builder to v1.15.7-2 and k8s-ci-builder to 1.15.7 #1876

• kubekins/krte image variants update: releng(kubekins): Update Golang versions to go1.15.7 test-infra#20623

Cherry picks

• Kubernetes 1.20: [1.20][go1.15] Update to go1.15.7 kubernetes#98533
• Kubernetes x.y-2:
• Kubernetes x.y-3:

Follow-up items

• Ensure the Golang issue template is updated with any new requirements

/assign
cc: @kubernetes/release-engineering

[brandond]

New releases are out: https://groups.google.com/g/golang-announce/c/mperVMGa98w

• cmd/go: packages using cgo can cause arbitrary code execution at build time
• crypto/elliptic: incorrect operations on the P-224 curve

[justaugustus]

We've started up with this update in #1857, but just noting here that these security updates should be minimally impactful to kubernetes/kubernetes, as @brandond suggested in Slack.

[justaugustus]

Golang 1.15.8 has been released.
We'll be tracking any remaining work here: #1895

/close

[k8s-ci-robot]

@justaugustus: Closing this issue.

In response to this:

Golang 1.15.8 has been released.
We'll be tracking any remaining work here: #1895

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.