From 1d9d349c19ab8d63bf567660f4df3311a58b671b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= <pawel.gronowski@docker.com>
Date: Tue, 4 Feb 2025 20:34:35 +0100
Subject: [PATCH] update to go1.23.6
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- https://github.com/golang/go/issues?q=milestone%3AGo1.23.6+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.23.5...go1.23.6

This minor release include 1 security fix following the security policy:

- crypto/elliptic: timing sidechannel for P-256 on ppc64le

  Due to the usage of a variable time instruction in the assembly implementation
  of an internal function, a small number of bits of secret scalars are leaked on
  the ppc64le architecture. Due to the way this function is used, we do not
  believe this leakage is enough to allow recovery of the private key when P-256
  is used in any well known protocols.

This is CVE-2025-22866 and Go issue https://go.dev/issue/71383.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.23.6

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
---
 .github/workflows/codeql.yml     | 2 +-
 .github/workflows/test.yml       | 2 +-
 .golangci.yml                    | 2 +-
 Dockerfile                       | 2 +-
 docker-bake.hcl                  | 2 +-
 dockerfiles/Dockerfile.dev       | 2 +-
 dockerfiles/Dockerfile.lint      | 2 +-
 dockerfiles/Dockerfile.vendor    | 2 +-
 e2e/testdata/Dockerfile.gencerts | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 78c623d22..384d46458 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -63,7 +63,7 @@ jobs:
         name: Update Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.23.5"
+          go-version: "1.23.6"
       -
         name: Initialize CodeQL
         uses: github/codeql-action/init@v3
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 4f9851d91..c148ace89 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -66,7 +66,7 @@ jobs:
         name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.23.5"
+          go-version: "1.23.6"
       -
         name: Test
         run: |
diff --git a/.golangci.yml b/.golangci.yml
index ba0f4178a..38c1d0850 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -43,7 +43,7 @@ linters:
 run:
   # prevent golangci-lint from deducting the go version to lint for through go.mod,
   # which causes it to fallback to go1.17 semantics.
-  go: "1.23.5"
+  go: "1.23.6"
   timeout: 5m
 
 linters-settings:
diff --git a/Dockerfile b/Dockerfile
index 87d7c8630..cb63732bf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ ARG BASE_VARIANT=alpine
 ARG ALPINE_VERSION=3.21
 ARG BASE_DEBIAN_DISTRO=bookworm
 
-ARG GO_VERSION=1.23.5
+ARG GO_VERSION=1.23.6
 ARG XX_VERSION=1.6.1
 ARG GOVERSIONINFO_VERSION=v1.4.1
 ARG GOTESTSUM_VERSION=v1.10.0
diff --git a/docker-bake.hcl b/docker-bake.hcl
index 0a644ef62..340556f5e 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -1,5 +1,5 @@
 variable "GO_VERSION" {
-    default = "1.23.5"
+    default = "1.23.6"
 }
 variable "VERSION" {
     default = ""
diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev
index f283c37c8..71db7b06a 100644
--- a/dockerfiles/Dockerfile.dev
+++ b/dockerfiles/Dockerfile.dev
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.23.5
+ARG GO_VERSION=1.23.6
 ARG ALPINE_VERSION=3.21
 
 ARG BUILDX_VERSION=0.17.1
diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint
index 86991041d..69a6be097 100644
--- a/dockerfiles/Dockerfile.lint
+++ b/dockerfiles/Dockerfile.lint
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.23.5
+ARG GO_VERSION=1.23.6
 ARG ALPINE_VERSION=3.21
 ARG GOLANGCI_LINT_VERSION=v1.62.2
 
diff --git a/dockerfiles/Dockerfile.vendor b/dockerfiles/Dockerfile.vendor
index 921fa2407..05d978c17 100644
--- a/dockerfiles/Dockerfile.vendor
+++ b/dockerfiles/Dockerfile.vendor
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.23.5
+ARG GO_VERSION=1.23.6
 ARG ALPINE_VERSION=3.21
 ARG MODOUTDATED_VERSION=v0.8.0
 
diff --git a/e2e/testdata/Dockerfile.gencerts b/e2e/testdata/Dockerfile.gencerts
index a5b90e75b..ff67ce19c 100644
--- a/e2e/testdata/Dockerfile.gencerts
+++ b/e2e/testdata/Dockerfile.gencerts
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.23.5
+ARG GO_VERSION=1.23.6
 
 FROM golang:${GO_VERSION}-alpine AS generated
 ENV GOTOOLCHAIN=local