From fcc2e39c2d00b90deb9f473a39f6f88af53520d2 Mon Sep 17 00:00:00 2001
From: stevenhorsman <steven@uk.ibm.com>
Date: Wed, 6 Mar 2024 12:20:40 +0000
Subject: [PATCH] versions: Bump golang

Bump to go 1.21.8 to resolve CVEs:
- https://pkg.go.dev/vuln/GO-2024-2600
- https://pkg.go.dev/vuln/GO-2024-2599
- https://pkg.go.dev/vuln/GO-2024-2598
- https://pkg.go.dev/vuln/GO-2024-2610

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
---
 Dockerfile                            |  2 +-
 hack/Dockerfile.golang                | 10 +++++-----
 ibmcloud-powervs/image/prereq.sh      |  2 +-
 podvm/Dockerfile.podvm_builder.fedora |  2 +-
 podvm/README.md                       |  2 +-
 versions.yaml                         |  2 +-
 6 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 5785be33d0..1c30c9e359 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 ARG BUILD_TYPE=dev
-ARG BUILDER_BASE=quay.io/confidential-containers/golang-fedora:1.20.12-38
+ARG BUILDER_BASE=quay.io/confidential-containers/golang-fedora:1.21.8-38
 ARG BASE=registry.fedoraproject.org/fedora:38
 
 # This dockerfile uses Go cross-compilation to build the binary,
diff --git a/hack/Dockerfile.golang b/hack/Dockerfile.golang
index 075207fdb5..22d3a4f7d1 100644
--- a/hack/Dockerfile.golang
+++ b/hack/Dockerfile.golang
@@ -5,11 +5,11 @@ FROM --platform=$TARGETPLATFORM ${BASE_IMAGE} as base
 
 # DO NOT UPDATE THIS BY HAND !!
 # Use hack/update-go-container.sh to update the version and hashes.
-ARG GO_VERSION=1.20.12
-ARG GO_LINUX_ARM64_SHA256=8afe8e3fb6972eaa2179ef0a71678c67f26509fab4f0f67c4b00f4cdfa92dc87
-ARG GO_LINUX_AMD64_SHA256=9c5d48c54dd8b0a3b2ef91b0f92a1190aa01f11d26e98033efa64c46a30bba7b
-ARG GO_LINUX_PPC64LE_SHA256=2ae0ec3736216dfbd7b01ff679842dc1bed365e53a024d522645bcffd01c7328
-ARG GO_LINUX_S390X_SHA256=ee48b23e1978a866cb60a8e8ddf0bd61cbbaf86bcfcdbf4f9509f34e9159ce45
+ARG GO_VERSION=1.21.8
+ARG GO_LINUX_ARM64_SHA256=3c19113c686ffa142e9159de1594c952dee64d5464965142d222eab3a81f1270
+ARG GO_LINUX_AMD64_SHA256=538b3b143dc7f32b093c8ffe0e050c260b57fc9d57a12c4140a639a8dd2b4e4f
+ARG GO_LINUX_PPC64LE_SHA256=e073dc1e0a94e4b43b1369fab8b5acc30e80cdbed99352a083681929225622fc
+ARG GO_LINUX_S390X_SHA256=7df2608e412de08df9cf3a1637a068f0dcbf28c3cc25659b4dfd7960c6fe5b3d
 
 FROM base AS base-amd64
 ADD --checksum=sha256:${GO_LINUX_AMD64_SHA256} https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz .
diff --git a/ibmcloud-powervs/image/prereq.sh b/ibmcloud-powervs/image/prereq.sh
index e1fb345bb7..b76f5631a6 100755
--- a/ibmcloud-powervs/image/prereq.sh
+++ b/ibmcloud-powervs/image/prereq.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-GO_VERSION="1.20.12"
+GO_VERSION="1.21.8"
 RUST_VERSION="1.72.0"
 SKOPEO_VERSION="1.5.0"
 
diff --git a/podvm/Dockerfile.podvm_builder.fedora b/podvm/Dockerfile.podvm_builder.fedora
index c1ce09a865..29187f130d 100644
--- a/podvm/Dockerfile.podvm_builder.fedora
+++ b/podvm/Dockerfile.podvm_builder.fedora
@@ -11,7 +11,7 @@ ARG ARCH="amd64"
 ARG YQ_ARCH="amd64"
 # PROTOC_ARCH="x86_64" | "s390x_64"
 ARG PROTOC_ARCH="x86_64"
-ARG GO_VERSION="1.20.12"
+ARG GO_VERSION="1.21.8"
 ARG PROTOC_VERSION="3.11.4"
 ARG RUST_VERSION="1.72.0"
 ARG YQ_VERSION="v4.35.1"
diff --git a/podvm/README.md b/podvm/README.md
index dd9b5e4751..2fde1bbd89 100644
--- a/podvm/README.md
+++ b/podvm/README.md
@@ -61,7 +61,7 @@ currently accepted:
 | CAA\_SRC\_REF     | main                                                         | cloud-api-adaptor repository branch or commit                   |
 | KATA\_SRC         | https://github.com/kata-containers/kata-containers           | The Kata Containers source repository                           |
 | KATA\_SRC\_BRANCH | CCv0                                                         | The Kata Containers repository branch                           |
-| GO\_VERSION       | 1.20.12                                                      | Go version                                                      |
+| GO\_VERSION       | 1.21.8                                                       | Go version                                                      |
 | PROTOC\_VERSION   | 3.11.4                                                       | [Protobuf](https://github.com/protocolbuffers/protobuf) version |
 | RUST\_VERSION     | 1.72.0                                                       | Rust version                                                    |
 | YQ\_VERSION       | v4.35.1                                                      | [yq](https://github.com/mikefarah/yq/) version                  |
diff --git a/versions.yaml b/versions.yaml
index 0a29824f3f..b913e39237 100644
--- a/versions.yaml
+++ b/versions.yaml
@@ -20,7 +20,7 @@ cloudimg:
 
 tools:
   bats: 1.10.0
-  golang: 1.20.12
+  golang: 1.21.8
   rust: 1.72.0
   protoc: 3.11.4
 # Referenced Git repositories