chore: upgrade to Go 1.22.1 (celestiaorg#3163)

To resolve govulncheck issues like: ``` Vulnerability celestiaorg#2: GO-2024-2610 Errors returned from JSON marshaling may break template escaping in html/template More info: https://pkg.go.dev/vuln/GO-2024-2610 Standard library Found in: html/template@go1.22 Fixed in: html/template@go1.22.1 Example traces found: Error: celestiaorg#1: test/util/testnode/rpc_client.go:126:25: testnode.StartAPIServer calls api.Server.Start, which eventually calls template.Template.Execute Error: celestiaorg#2: test/util/testnode/rpc_client.go:126:25: testnode.StartAPIServer calls api.Server.Start, which eventually calls template.Template.ExecuteTemplate Vulnerability celestiaorg#3: GO-2024-2600 Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http More info: https://pkg.go.dev/vuln/GO-2024-2600 Standard library Found in: net/http@go1.22 Fixed in: net/http@go1.22.1 Example traces found: Error: celestiaorg#1: x/blobstream/client/verify.go:224:39: client.VerifyShares calls http.baseRPCClient.ProveShares, which eventually calls http.Client.Do Error: celestiaorg#2: cmd/celestia-appd/cmd/download_genesis.go:103:[23](https://github.com/celestiaorg/celestia-app/actions/runs/8169780335/job/22334531542?pr=3157#step:4:24): cmd.downloadFile calls http.Get Vulnerability celestiaorg#4: GO-20[24](https://github.com/celestiaorg/celestia-app/actions/runs/8169780335/job/22334531542?pr=3157#step:4:25)-[25](https://github.com/celestiaorg/celestia-app/actions/runs/8169780335/job/22334531542?pr=3157#step:4:26)99 Memory exhaustion in multipart form parsing in net/textproto and net/http More info: https://pkg.go.dev/vuln/GO-2024-2599 Standard library Found in: net/textproto@go1.22 Fixed in: net/textproto@go1.22.1 Example traces found: Error: celestiaorg#1: x/blobstream/client/verify.go:202:18: client.VerifyShares calls service.BaseService.Start, which eventually calls textproto.Reader.ReadLine Error: celestiaorg#2: test/e2e/util.go:25:23: e2e.keyGenerator.Generate calls io.ReadFull, which eventually calls textproto.Reader.ReadMIMEHeader Vulnerability celestiaorg#5: GO-2024-2598 Verify panics on certificates with an unknown public key algorithm in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2024-2598 Standard library Found in: crypto/x509@go1.22 Fixed in: crypto/x509@go1.22.1 Example traces found: Error: celestiaorg#1: test/e2e/util.go:25:23: e2e.keyGenerator.Generate calls io.ReadFull, which eventually calls x[50](https://github.com/celestiaorg/celestia-app/actions/runs/8169780335/job/22334531542?pr=3157#step:4:51)9.Certificate.Verify ```
ninabarbakadze · Apr 2, 2024 · 38fd79e · 38fd79e
1 parent d6afd81
commit 38fd79e
Show file tree

Hide file tree

Showing 10 changed files with 12 additions and 12 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # stage 1 Generate celestia-appd Binary
-FROM --platform=$BUILDPLATFORM docker.io/golang:1.22.0-alpine3.18 as builder
+FROM --platform=$BUILDPLATFORM docker.io/golang:1.22.1-alpine3.18 as builder
 
 ARG TARGETOS
 ARG TARGETARCH

diff --git a/Makefile b/Makefile
@@ -8,7 +8,7 @@ DOCKER_PROTO_BUILDER := docker run -v $(shell pwd):/workspace --workdir /workspa
 PROJECTNAME=$(shell basename "$(PWD)")
 HTTPS_GIT := https://github.com/celestiaorg/celestia-app.git
 PACKAGE_NAME          := github.com/celestiaorg/celestia-app
-GOLANG_CROSS_VERSION  ?= v1.22.0
+GOLANG_CROSS_VERSION  ?= v1.22.1
 
 # process linker flags
 ldflags = -X github.com/cosmos/cosmos-sdk/version.Name=celestia-app \

diff --git a/README.md b/README.md
@@ -35,7 +35,7 @@ node            |  |                               |  |
 
 ### Source
 
-1. [Install Go](https://go.dev/doc/install) 1.22.0
+1. [Install Go](https://go.dev/doc/install) 1.22.1
 1. Clone this repo
 1. Install the celestia-app CLI
 

diff --git a/docker/Dockerfile_txsim b/docker/Dockerfile_txsim
@@ -1,5 +1,5 @@
 # Stage 1: generate celestia-appd binary
-FROM --platform=$BUILDPLATFORM docker.io/golang:1.22.0-alpine3.18 as builder
+FROM --platform=$BUILDPLATFORM docker.io/golang:1.22.1-alpine3.18 as builder
 
 ARG TARGETOS
 ARG TARGETARCH

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/celestiaorg/celestia-app
 
-go 1.22.0
+go 1.22.1
 
 require (
 	cosmossdk.io/errors v1.0.1

diff --git a/go.work b/go.work
@@ -1,4 +1,4 @@
-go 1.22.0
+go 1.22.1
 
 use (
 	.

diff --git a/test/testground/Dockerfile b/test/testground/Dockerfile
@@ -1,6 +1,6 @@
 # BUILD_BASE_IMAGE is the base image to use for the build. It contains a rolling
 # accumulation of Go build/package caches.
-ARG BUILD_BASE_IMAGE=docker.io/golang:1.22.0-alpine3.18
+ARG BUILD_BASE_IMAGE=docker.io/golang:1.22.1-alpine3.18
 # This Dockerfile performs a multi-stage build and RUNTIME_IMAGE is the image
 # onto which to copy the resulting binary.
 #

diff --git a/test/testground/compositions/standard/plan.toml b/test/testground/compositions/standard/plan.toml
@@ -46,10 +46,10 @@ cpu = "6"
 count = 100
 percentage = 0.0
 [groups.build_config]
-build_base_image = "golang:1.22.0"
+build_base_image = "golang:1.22.1"
 enable_go_build_cache = true
 enabled = true
-go_version = "1.22.0"
+go_version = "1.22.1"
 [groups.build]
 [groups.run]
 artifact = ""

diff --git a/test/testground/go.mod b/test/testground/go.mod
@@ -1,6 +1,6 @@
 module github.com/celestiaorg/celestia-app/test/testground
 
-go 1.22.0
+go 1.22.1
 
 require (
 	github.com/celestiaorg/celestia-app v1.0.0-rc0.0.20240304150808-f0a1f87c0253

diff --git a/test/testground/manifest.toml b/test/testground/manifest.toml
@@ -6,8 +6,8 @@ runner = "local:docker"
 
 [builders."docker:generic"]
 enabled = true
-build_base_image = "golang:1.22.0"
-go_version = "1.22.0"
+build_base_image = "golang:1.22.1"
+go_version = "1.22.1"
 enable_go_build_cache = true
 
 [runners."local:docker"]