From 1d9d349c19ab8d63bf567660f4df3311a58b671b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= <pawel.gronowski@docker.com>
Date: Tue, 4 Feb 2025 20:34:35 +0100
Subject: [PATCH] update to go1.23.6
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- https://github.com/golang/go/issues?q=milestone%3AGo1.23.6+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.23.5...go1.23.6

This minor release include 1 security fix following the security policy:

- crypto/elliptic: timing sidechannel for P-256 on ppc64le

  Due to the usage of a variable time instruction in the assembly implementation
  of an internal function, a small number of bits of secret scalars are leaked on
  the ppc64le architecture. Due to the way this function is used, we do not
  believe this leakage is enough to allow recovery of the private key when P-256
  is used in any well known protocols.

This is CVE-2025-22866 and Go issue https://go.dev/issue/71383.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.23.6

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
---
 .github/workflows/codeql.yml     | 2 +-
 .github/workflows/test.yml       | 2 +-
 .golangci.yml                    | 2 +-
 Dockerfile                       | 2 +-
 docker-bake.hcl                  | 2 +-
 dockerfiles/Dockerfile.dev       | 2 +-
 dockerfiles/Dockerfile.lint      | 2 +-
 dockerfiles/Dockerfile.vendor    | 2 +-
 e2e/testdata/Dockerfile.gencerts | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 78c623d225d1..384d46458a0f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -63,7 +63,7 @@ jobs:
         name: Update Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.23.5"
+          go-version: "1.23.6"
       -
         name: Initialize CodeQL
         uses: github/codeql-action/init@v3
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 4f9851d9161f..c148ace89c93 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -66,7 +66,7 @@ jobs:
         name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.23.5"
+          go-version: "1.23.6"
       -
         name: Test
         run: |
diff --git a/.golangci.yml b/.golangci.yml
index ba0f4178a30c..38c1d085071c 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -43,7 +43,7 @@ linters:
 run:
   # prevent golangci-lint from deducting the go version to lint for through go.mod,
   # which causes it to fallback to go1.17 semantics.
-  go: "1.23.5"
+  go: "1.23.6"
   timeout: 5m
 
 linters-settings:
diff --git a/Dockerfile b/Dockerfile
index 87d7c8630315..cb63732bf007 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ ARG BASE_VARIANT=alpine
 ARG ALPINE_VERSION=3.21
 ARG BASE_DEBIAN_DISTRO=bookworm
 
-ARG GO_VERSION=1.23.5
+ARG GO_VERSION=1.23.6
 ARG XX_VERSION=1.6.1
 ARG GOVERSIONINFO_VERSION=v1.4.1
 ARG GOTESTSUM_VERSION=v1.10.0
diff --git a/docker-bake.hcl b/docker-bake.hcl
index 0a644ef624f3..340556f5e0d9 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -1,5 +1,5 @@
 variable "GO_VERSION" {
-    default = "1.23.5"
+    default = "1.23.6"
 }
 variable "VERSION" {
     default = ""
diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev
index f283c37c8cc7..71db7b06a07c 100644
--- a/dockerfiles/Dockerfile.dev
+++ b/dockerfiles/Dockerfile.dev
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.23.5
+ARG GO_VERSION=1.23.6
 ARG ALPINE_VERSION=3.21
 
 ARG BUILDX_VERSION=0.17.1
diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint
index 86991041d8f5..69a6be097f60 100644
--- a/dockerfiles/Dockerfile.lint
+++ b/dockerfiles/Dockerfile.lint
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.23.5
+ARG GO_VERSION=1.23.6
 ARG ALPINE_VERSION=3.21
 ARG GOLANGCI_LINT_VERSION=v1.62.2
 
diff --git a/dockerfiles/Dockerfile.vendor b/dockerfiles/Dockerfile.vendor
index 921fa240749a..05d978c172bc 100644
--- a/dockerfiles/Dockerfile.vendor
+++ b/dockerfiles/Dockerfile.vendor
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.23.5
+ARG GO_VERSION=1.23.6
 ARG ALPINE_VERSION=3.21
 ARG MODOUTDATED_VERSION=v0.8.0
 
diff --git a/e2e/testdata/Dockerfile.gencerts b/e2e/testdata/Dockerfile.gencerts
index a5b90e75b08c..ff67ce19c954 100644
--- a/e2e/testdata/Dockerfile.gencerts
+++ b/e2e/testdata/Dockerfile.gencerts
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.23.5
+ARG GO_VERSION=1.23.6
 
 FROM golang:${GO_VERSION}-alpine AS generated
 ENV GOTOOLCHAIN=local