hashicorp · wilkermichael · Mar 2, 2023 · Mar 2, 2023 · Mar 2, 2023 · Mar 2, 2023
diff --git a/.changelog/1975.txt b/.changelog/1975.txt
@@ -0,0 +1,11 @@
+```release-note:security
+upgrade to use Go 1.19.6. This resolves vulnerabilities CVE-2022-41724 in crypto/tls and CVE-2022-41723 in net/http.
+```
+
+```release-note:improvement
+cli: update minimum go version for project to 1.19.
+```
+
+```release-note:improvement
+control-plane: update minimum go version for project to 1.19.
+```
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -6,7 +6,7 @@ orbs:
 executors:
   go:
     docker:
-      - image: docker.mirror.hashicorp.services/cimg/go:1.18.3
+      - image: docker.mirror.hashicorp.services/cimg/go:1.19.6
     environment:
       TEST_RESULTS: /tmp/test-results # path to where test results are saved
 
@@ -34,9 +34,9 @@ commands:
       - run:
           name: Install go, gotestsum, kind, kubectl, and helm
           command: |
-            wget https://golang.org/dl/go1.18.3.linux-amd64.tar.gz
-            sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.18.3.linux-amd64.tar.gz
-            rm go1.18.3.linux-amd64.tar.gz
+            wget https://golang.org/dl/go1.19.6.linux-amd64.tar.gz
+            sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.19.6.linux-amd64.tar.gz
+            rm go1.19.6.linux-amd64.tar.gz
             echo 'export PATH=$PATH:/usr/local/go/bin' >> $BASH_ENV
 
             wget https://github.com/gotestyourself/gotestsum/releases/download/v1.6.4/gotestsum_1.6.4_linux_amd64.tar.gz

diff --git a/.go-version b/.go-version
@@ -1 +1 @@
-1.18.3
+1.19.6
diff --git a/acceptance/go.mod b/acceptance/go.mod
@@ -1,6 +1,6 @@
 module github.com/hashicorp/consul-k8s/acceptance
 
-go 1.18
+go 1.19
 
 require (
 	github.com/gruntwork-io/terratest v0.31.2

diff --git a/charts/consul/test/docker/Test.dockerfile b/charts/consul/test/docker/Test.dockerfile
@@ -6,7 +6,7 @@
 # a script to configure kubectl, potentially install Helm, and run the tests
 # manually. This image only has the dependencies pre-installed.
 
-FROM cimg/go:1.18
+FROM cimg/go:1.19
 
 # change the user to root so we can install stuff
 USER root

diff --git a/charts/go.mod b/charts/go.mod
@@ -1,3 +1,3 @@
 module github.com/hashicorp/consul-k8s/charts
 
-go 1.18
+go 1.19
diff --git a/cli/go.mod b/cli/go.mod
@@ -1,6 +1,6 @@
 module github.com/hashicorp/consul-k8s/cli
 
-go 1.18
+go 1.19
 
 require (
 	github.com/bgentry/speakeasy v0.1.0

diff --git a/control-plane/cni/go.mod b/control-plane/cni/go.mod
@@ -52,4 +52,4 @@ require (
 
 replace github.com/hashicorp/consul/sdk v0.9.0 => github.com/hashicorp/consul/sdk v0.4.1-0.20220531155537-364758ef2f50
 
-go 1.18
+go 1.19
diff --git a/control-plane/go.mod b/control-plane/go.mod
@@ -129,4 +129,4 @@ require (
 	sigs.k8s.io/yaml v1.2.0 // indirect
 )
 
-go 1.18
+go 1.19
diff --git a/control-plane/subcommand/install-cni/cniconfig_test.go b/control-plane/subcommand/install-cni/cniconfig_test.go
@@ -2,7 +2,7 @@ package installcni
 
 import (
 	"fmt"
-	"io/ioutil"
+	"os"
 	"path/filepath"
 	"testing"
 
@@ -93,10 +93,10 @@ func TestConfListFromConfFile(t *testing.T) {
 	actualFile, err := confListFileFromConfFile(tempCfgFile)
 	require.NoError(t, err)
 
-	actual, err := ioutil.ReadFile(actualFile)
+	actual, err := os.ReadFile(actualFile)
 	require.NoError(t, err)
 
-	expected, err := ioutil.ReadFile(expectedCfgFile)
+	expected, err := os.ReadFile(expectedCfgFile)
 	require.NoError(t, err)
 
 	require.Equal(t, string(expected), string(actual))
@@ -168,10 +168,10 @@ func TestAppendCNIConfig(t *testing.T) {
 			err = appendCNIConfig(c.consulConfig, tempDestFile)
 			require.NoError(t, err)
 
-			actual, err := ioutil.ReadFile(tempDestFile)
+			actual, err := os.ReadFile(tempDestFile)
 			require.NoError(t, err)
 
-			expected, err := ioutil.ReadFile(c.goldenFile)
+			expected, err := os.ReadFile(c.goldenFile)
 			require.NoError(t, err)
 
 			require.Equal(t, string(expected), string(actual))
@@ -298,10 +298,10 @@ func TestRemoveCNIConfig(t *testing.T) {
 				t.Fatal(err)
 			}
 
-			actual, err := ioutil.ReadFile(tempDestFile)
+			actual, err := os.ReadFile(tempDestFile)
 			require.NoError(t, err)
 
-			expected, err := ioutil.ReadFile(c.cfgFile)
+			expected, err := os.ReadFile(c.cfgFile)
 			require.NoError(t, err)
 
 			require.Equal(t, string(expected), string(actual))

diff --git a/control-plane/subcommand/install-cni/command_test.go b/control-plane/subcommand/install-cni/command_test.go
@@ -3,7 +3,6 @@ package installcni
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -65,11 +64,11 @@ func TestRun_DirectoryWatcher(t *testing.T) {
 	require.NoError(t, err)
 	time.Sleep(50 * time.Millisecond)
 	// The golden file contains the consul config.
-	expected, err := ioutil.ReadFile(goldenFile)
+	expected, err := os.ReadFile(goldenFile)
 	require.NoError(t, err)
 	// Get the name of the config file in the tempDir and read it.
 	tempDestFile := filepath.Join(tempDir, configFile)
-	actual, err := ioutil.ReadFile(tempDestFile)
+	actual, err := os.ReadFile(tempDestFile)
 	require.NoError(t, err)
 	// Filewatcher should have detected a change and appended to the config file. Make sure
 	// files match.
@@ -82,7 +81,7 @@ func TestRun_DirectoryWatcher(t *testing.T) {
 	require.NoError(t, err)
 	time.Sleep(50 * time.Millisecond)
 	// Re-read the config file so we can compare the updated config file.
-	actual, err = ioutil.ReadFile(tempDestFile)
+	actual, err = os.ReadFile(tempDestFile)
 	require.NoError(t, err)
 	// Filewatcher should have detected change, fixed and appended to the config file. Make sure
 	// files match.

diff --git a/control-plane/subcommand/install-cni/kubeconfig.go b/control-plane/subcommand/install-cni/kubeconfig.go
@@ -3,7 +3,6 @@ package installcni
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
@@ -120,7 +119,7 @@ func serviceAccountToken(tokenPath string) (string, error) {
 	if _, err := os.Stat(tokenPath); errors.Is(err, os.ErrNotExist) {
 		return "", fmt.Errorf("tokenPath does not exist: %w", err)
 	}
-	token, err := ioutil.ReadFile(tokenPath)
+	token, err := os.ReadFile(tokenPath)
 	if err != nil {
 		return "", fmt.Errorf("could not read service account token: %w", err)
 	}

diff --git a/control-plane/subcommand/install-cni/kubeconfig_test.go b/control-plane/subcommand/install-cni/kubeconfig_test.go
@@ -1,7 +1,7 @@
 package installcni
 
 import (
-	"io/ioutil"
+	"os"
 	"path/filepath"
 	"testing"
 
@@ -39,7 +39,7 @@ func TestKubeConfigYaml(t *testing.T) {
 			require.NoError(t, err)
 
 			golden := filepath.Join("testdata", c.goldenFile)
-			expected, err := ioutil.ReadFile(golden)
+			expected, err := os.ReadFile(golden)
 			require.NoError(t, err)
 
 			require.Equal(t, string(expected), string(actual))

diff --git a/hack/aws-acceptance-test-cleanup/go.mod b/hack/aws-acceptance-test-cleanup/go.mod
@@ -1,6 +1,6 @@
 module github.com/hashicorp/consul-helm/hack/aws-acceptance-test-cleanup
 
-go 1.18
+go 1.19
 
 require (
 	github.com/aws/aws-sdk-go v1.38.63

diff --git a/hack/copy-crds-to-chart/go.mod b/hack/copy-crds-to-chart/go.mod
@@ -1,3 +1,3 @@
 module github.com/hashicorp/consul-k8s/hack/copy-crds-to-chart
 
-go 1.18
+go 1.19
diff --git a/hack/helm-reference-gen/go.mod b/hack/helm-reference-gen/go.mod
@@ -1,6 +1,6 @@
 module github.com/hashicorp/consul-k8s/hack/helm-reference-gen
 
-go 1.18
+go 1.19
 
 require (
 	github.com/stretchr/testify v1.6.1
Original file line number	Diff line number	Diff line change
Expand Up		@@ -52,4 +52,4 @@ require (

		replace github.com/hashicorp/consul/sdk v0.9.0 => github.com/hashicorp/consul/sdk v0.4.1-0.20220531155537-364758ef2f50

		go 1.18
		go 1.19
-Original file line number
+Diff line change
@@ Expand Up / @@ -129,4 +129,4 @@ require ( @@
     	sigs.k8s.io/yaml v1.2.0 // indirect
     )
-    go 1.18
+    go 1.19