From 0f1234a66255bbcfd1030b3d3102dbe85d0b6306 Mon Sep 17 00:00:00 2001
From: Bryan Eastes <eastebry@users.noreply.github.com>
Date: Mon, 19 Jun 2023 06:42:30 -0700
Subject: [PATCH] Bumping go-discover to the lastest version (#2390)

* Bumping go-discover to the lastest version
---
 .changelog/2390.txt      | 3 +++
 control-plane/Dockerfile | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/2390.txt

diff --git a/.changelog/2390.txt b/.changelog/2390.txt
new file mode 100644
index 0000000000..a4546bd781
--- /dev/null
+++ b/.changelog/2390.txt
@@ -0,0 +1,3 @@
+```release-note:security
+Update [Go-Discover](https://github.com/hashicorp/go-discover) in the container has been updated to address [CVE-2020-14040](https://github.com/advisories/GHSA-5rcv-m4m3-hfh7)
+```
diff --git a/control-plane/Dockerfile b/control-plane/Dockerfile
index f401ac8262..c09f5ecf80 100644
--- a/control-plane/Dockerfile
+++ b/control-plane/Dockerfile
@@ -17,7 +17,7 @@
 # go-discover builds the discover binary (which we don't currently publish
 # either).
 FROM golang:1.19.2-alpine as go-discover
-RUN CGO_ENABLED=0 go install github.com/hashicorp/go-discover/cmd/discover@49f60c093101c9c5f6b04d5b1c80164251a761a6
+RUN CGO_ENABLED=0 go install github.com/hashicorp/go-discover/cmd/discover@214571b6a5309addf3db7775f4ee8cf4d264fd5f
 
 # dev copies the binary from a local build
 # -----------------------------------