Bump golang version for build to 1.21.11

According to trivy, golang 1.21.4 has trailing vulnerabilities. We upgrade it
to 1.21.11 to fix the vulnerabilities.

$ trivy image masap20220915/sonobuoy:amd64-v0.57
2024-07-01T09:50:21+09:00	INFO	Vulnerability scanning is enabled
2024-07-01T09:50:21+09:00	INFO	Secret scanning is enabled
2024-07-01T09:50:21+09:00	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-01T09:50:21+09:00	INFO	Please see also https://aquasecurity.github.io/trivy/v0.52/docs/scanner/secret/#recommendation for faster secret detection
2024-07-01T09:50:24+09:00	INFO	Detected OS	family="debian" version="12.5"
2024-07-01T09:50:24+09:00	INFO	[debian] Detecting vulnerabilities...	os_version="12" pkg_num=3
2024-07-01T09:50:24+09:00	INFO	Number of language-specific files	num=1
2024-07-01T09:50:24+09:00	INFO	[gobinary] Detecting vulnerabilities...

masap20220915/sonobuoy:amd64-v0.57 (debian 12.5)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

sonobuoy (gobinary)

Total: 9 (UNKNOWN: 0, LOW: 0, MEDIUM: 7, HIGH: 1, CRITICAL: 1)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │  Fixed Version  │                            Title                             │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-24790 │ CRITICAL │ fixed  │ 1.21.4            │ 1.21.11, 1.22.4 │ golang: net/netip: Unexpected behavior from Is methods for   │
│         │                │          │        │                   │                 │ IPv4-mapped IPv6 addresses                                   │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-24790                   │
│         ├────────────────┼──────────┤        │                   ├─────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2023-45288 │ HIGH     │        │                   │ 1.21.9, 1.22.2  │ golang: net/http, x/net/http2: unlimited number of           │
│         │                │          │        │                   │                 │ CONTINUATION frames causes DoS                               │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2023-45288                   │
│         ├────────────────┼──────────┤        │                   ├─────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2023-39326 │ MEDIUM   │        │                   │ 1.20.12, 1.21.5 │ golang: net/http/internal: Denial of Service (DoS) via       │
│         │                │          │        │                   │                 │ Resource Consumption via HTTP requests...                    │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2023-39326                   │
│         ├────────────────┤          │        │                   ├─────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2023-45289 │          │        │                   │ 1.21.8, 1.22.1  │ golang: net/http/cookiejar: incorrect forwarding of          │
│         │                │          │        │                   │                 │ sensitive headers and cookies on HTTP redirect...            │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2023-45289                   │
│         ├────────────────┤          │        │                   │                 ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2023-45290 │          │        │                   │                 │ golang: net/http: memory exhaustion in                       │
│         │                │          │        │                   │                 │ Request.ParseMultipartForm                                   │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2023-45290                   │
│         ├────────────────┤          │        │                   │                 ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2024-24783 │          │        │                   │                 │ golang: crypto/x509: Verify panics on certificates with an   │
│         │                │          │        │                   │                 │ unknown public key algorithm...                              │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-24783                   │
│         ├────────────────┤          │        │                   │                 ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2024-24784 │          │        │                   │                 │ golang: net/mail: comments in display names are incorrectly  │
│         │                │          │        │                   │                 │ handled                                                      │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-24784                   │
│         ├────────────────┤          │        │                   │                 ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2024-24785 │          │        │                   │                 │ golang: html/template: errors returned from MarshalJSON      │
│         │                │          │        │                   │                 │ methods may break template escaping                          │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-24785                   │
│         ├────────────────┤          │        │                   ├─────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2024-24789 │          │        │                   │ 1.21.11, 1.22.4 │ golang: archive/zip: Incorrect handling of certain ZIP files │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-24789                   │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴──────────────────────────────────────────────────────────────┘

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>

scripts/build_funcs.sh

@@ -28,7 +28,7 @@ IMAGE_BRANCH=$(git rev-parse --abbrev-ref HEAD | sed 's/\///g')
 GIT_REF_LONG=$(git rev-parse --verify HEAD)
 
 BUILDMNT=/go/src/$GOTARGET
-BUILD_IMAGE=golang:1.21.4
+BUILD_IMAGE=golang:1.21.11
 AMD_IMAGE=gcr.io/distroless/static:nonroot
 ARM_IMAGE=gcr.io/distroless/static:nonroot-arm64
 PPC64LE_IMAGE=gcr.io/distroless/static:nonroot-ppc64le

test/integration/testImage/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.21.4 AS base
+FROM golang:1.21.11 AS base
 WORKDIR /src
 
 # Handle the go modules first to take advantage of Docker cache.