From fffabd1c53199c32fa065725cc850576e1920e68 Mon Sep 17 00:00:00 2001 
From: Rootul P Date: Thu, 7 Mar 2024 10:02:56 -0500 Subject: [PATCH] chore: upgrade to Go 1.22.1 (#3163) To resolve govulncheck issues like: ``` Vulnerability #2: GO-2024-2610 Errors returned from JSON marshaling may break template escaping in html/template More info: https://pkg.go.dev/vuln/GO-2024-2610 Standard library Found in: html/template@go1.22 Fixed in: html/template@go1.22.1 Example traces found: Error: #1: test/util/testnode/rpc_client.go:126:25: testnode.StartAPIServer calls api.Server.Start, which eventually calls template.Template.Execute Error: #2: test/util/testnode/rpc_client.go:126:25: testnode.StartAPIServer calls api.Server.Start, which eventually calls template.Template.ExecuteTemplate Vulnerability #3: GO-2024-2600 Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http More info: https://pkg.go.dev/vuln/GO-2024-2600 Standard library Found in: net/http@go1.22 Fixed in: net/http@go1.22.1 Example traces found: Error: #1: x/blobstream/client/verify.go:224:39: client.VerifyShares calls http.baseRPCClient.ProveShares, which eventually calls http.Client.Do Error: #2: cmd/celestia-appd/cmd/download_genesis.go:103:23: cmd.downloadFile calls http.Get Vulnerability #4: GO-2024-2599 Memory exhaustion in multipart form parsing in net/textproto and net/http More info: https://pkg.go.dev/vuln/GO-2024-2599 Standard library Found in: net/textproto@go1.22 Fixed in: net/textproto@go1.22.1 Example traces found: Error: #1: x/blobstream/client/verify.go:202:18: client.VerifyShares calls service.BaseService.Start, which eventually calls textproto.Reader.ReadLine Error: #2: test/e2e/util.go:25:23: e2e.keyGenerator.Generate calls
io.ReadFull, which eventually calls textproto.Reader.ReadMIMEHeader Vulnerability #5: GO-2024-2598 Verify panics on certificates with an unknown public key algorithm in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2024-2598 Standard library Found in: crypto/x509@go1.22 Fixed in: crypto/x509@go1.22.1 Example traces found: Error: #1: test/e2e/util.go:25:23: e2e.keyGenerator.Generate calls io.ReadFull, which eventually calls x[50](https://github.com/celestiaorg/celestia-app/actions/runs/8169780335/job/22334531542?pr=3157#step:4:51)9.Certificate.Verify ```
---
 Dockerfile | 2 +-
 Makefile | 2 +-
 README.md | 2 +-
 docker/Dockerfile_txsim | 2 +-
 go.mod | 2 +-
 go.work | 2 +-
 test/testground/Dockerfile | 2 +-
 test/testground/compositions/standard/plan.toml | 4 ++--
 test/testground/go.mod | 2 +-
 test/testground/manifest.toml | 4 ++--
 10 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b37466bf6d..0b426a1bce 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # stage 1 Generate celestia-appd Binary
-FROM --platform=$BUILDPLATFORM docker.io/golang:1.22.0-alpine3.18 as builder
+FROM --platform=$BUILDPLATFORM docker.io/golang:1.22.1-alpine3.18 as builder
 ARG TARGETOS
 ARG TARGETARCH
diff --git a/Makefile b/Makefile
index 9966adf77c..bab0416e30 100644
--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@ DOCKER_PROTO_BUILDER := docker run -v $(shell pwd):/workspace --workdir /workspa
 PROJECTNAME=$(shell basename "$(PWD)")
 HTTPS_GIT := https://github.com/celestiaorg/celestia-app.git
 PACKAGE_NAME := github.com/celestiaorg/celestia-app
-GOLANG_CROSS_VERSION ?= v1.22.0
+GOLANG_CROSS_VERSION ?= v1.22.1
 # process linker flags
 ldflags = -X github.com/cosmos/cosmos-sdk/version.Name=celestia-app \
diff --git a/README.md b/README.md
index df3f900509..57d83ed083 100644
--- a/README.md
+++ b/README.md
@@ -35,7 +35,7 @@ node | | | |
 ### Source
-1. [Install Go](https://go.dev/doc/install) 1.22.0
+1. [Install Go](https://go.dev/doc/install) 1.22.1
 1. Clone this repo
 1. Install the celestia-app CLI
diff --git a/docker/Dockerfile_txsim b/docker/Dockerfile_txsim
index ade04df682..dc9f32dd3a 100644
--- a/docker/Dockerfile_txsim
+++ b/docker/Dockerfile_txsim
@@ -1,5 +1,5 @@
 # Stage 1: generate celestia-appd binary
-FROM --platform=$BUILDPLATFORM docker.io/golang:1.22.0-alpine3.18 as builder
+FROM --platform=$BUILDPLATFORM docker.io/golang:1.22.1-alpine3.18 as builder
 ARG TARGETOS
 ARG TARGETARCH
diff --git a/go.mod b/go.mod
index c8fa60c68b..9f3400fe37 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/celestiaorg/celestia-app
-go 1.22.0
+go 1.22.1
 require (
 cosmossdk.io/errors v1.0.1
diff --git a/go.work b/go.work
index bfd6a6fd09..1dadd25d6f 100644
--- a/go.work
+++ b/go.work
@@ -1,4 +1,4 @@
-go 1.22.0
+go 1.22.1
 use (
 .
diff --git a/test/testground/Dockerfile b/test/testground/Dockerfile
index 89dc3b5a59..620774dd24 100644
--- a/test/testground/Dockerfile
+++ b/test/testground/Dockerfile
@@ -1,6 +1,6 @@
 # BUILD_BASE_IMAGE is the base image to use for the build. It contains a rolling
 # accumulation of Go build/package caches.
-ARG BUILD_BASE_IMAGE=docker.io/golang:1.22.0-alpine3.18
+ARG BUILD_BASE_IMAGE=docker.io/golang:1.22.1-alpine3.18
 # This Dockerfile performs a multi-stage build and RUNTIME_IMAGE is the image
 # onto which to copy the resulting binary.
 #
diff --git a/test/testground/compositions/standard/plan.toml b/test/testground/compositions/standard/plan.toml
index 774a7f2a58..65d5b2422a 100644
--- a/test/testground/compositions/standard/plan.toml
+++ b/test/testground/compositions/standard/plan.toml
@@ -46,10 +46,10 @@ cpu = "6"
 count = 100
 percentage = 0.0
 [groups.build_config]
-build_base_image = "golang:1.22.0"
+build_base_image = "golang:1.22.1"
 enable_go_build_cache = true
 enabled = true
-go_version = "1.22.0"
+go_version = "1.22.1"
 [groups.build]
 [groups.run]
 artifact = ""
diff --git a/test/testground/go.mod b/test/testground/go.mod
index 865a18933e..374888c373 100644
--- a/test/testground/go.mod
+++ b/test/testground/go.mod
@@ -1,6 +1,6 @@
 module github.com/celestiaorg/celestia-app/test/testground
-go 1.22.0
+go 1.22.1
 require (
 github.com/celestiaorg/celestia-app v1.0.0-rc0.0.20240304150808-f0a1f87c0253
diff --git a/test/testground/manifest.toml b/test/testground/manifest.toml
index b2713c41d1..e8c1750a79 100644
--- a/test/testground/manifest.toml
+++ b/test/testground/manifest.toml
@@ -6,8 +6,8 @@ runner = "local:docker"
 [builders."docker:generic"]
 enabled = true
-build_base_image = "golang:1.22.0"
-go_version = "1.22.0"
+build_base_image = "golang:1.22.1"
+go_version = "1.22.1"
 enable_go_build_cache = true
 [runners."local:docker"]