all: Bump Golang minor versions in accordance with latest release.

[Shaptic]

What

Bumps from 1.16.3 -> 1.16.5 and 1.15.11 -> 1.15.13.

Why

This bump includes security issues. Refer to the release announcement for more.

[Shaptic]

I found these references based on Ctrl+F on things like go:, 1.16, golang:, and 1.15, therefore it may not be all of the possible references, but it damn-sure is a lot of them.

[bartekn]

Maybe we should replace it with:

Suggested change

	- image: golang:1.16.5
	- image: golang:1.16

so that it will always pull latest Golang 1.16.x. This was recommended by @jacekn and @satyamz in the issue about bumping Golang versions in SDF. Same thing for 1.15.x.

[ire-and-curses]

I like this idea. We basically always want to be on latest patch release. Let's do it.

For minor versions let's stick to manual update for now.

[Shaptic]

Cool, I didn't realize 1.16 would always be the latest

[Shaptic]

Done!

[leighmcculloch]

Why did we remove the patch version from some locations like this one, but we kept the patch versions in other services?

[ire-and-curses]

are you talking about these? #3693 (comment)

[leighmcculloch]

That link doesn't seem to go anywhere for me. In the CI files patch versions are used, and in the Ticker, Keystore, and other docker files a patch version is used. It'd be helpful if we are consistent.

[Shaptic]

Using the patch version means updating the patch version.
Using the minor version for Docker images means we always get the latest patch version (see above).
We can't do this for things like download URLs (see above), however, so we still need the patch version sometimes.

[leighmcculloch]

Got it. What's the motivation for only making that change for Friendbot and Horizon, and not the other services?