update go to go1.20.6

[thaJeztah]

• depends on go.mod: github.com/docker/docker 8443a06149b5 (v24.0.5-dev) #10810
• relates to [master] update go to go1.20.6 docker-ce-packaging#921

go1.20.6 (released 2023-07-11) includes a security fix to the net/http package, as well as bug fixes to the compiler, cgo, the cover tool, the go command, the runtime, and the crypto/ecdsa, go/build, go/printer, net/mail, and text/template packages. See the Go 1.20.6 milestone on our issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved

Full diff: golang/go@go1.20.5...go1.20.6

These minor releases include 1 security fixes following the security policy:

net/http: insufficient sanitization of Host header

The HTTP/1 client did not fully validate the contents of the Host header. A maliciously crafted Host header could inject additional headers or entire requests. The HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.

Thanks to Bartek Nowotarski for reporting this issue.

Includes security fixes for CVE-2023-29406 and Go issue https://go.dev/issue/60374

What I did

Related issue

(not mandatory) A picture of a cute animal, if possible in relation to what you did

[thaJeztah]

cool. this was the failure I expected to see; this should now be fixed by #10810

=== RUN   TestUpWithBuildDependencies/up_with_service_using_image_build_by_an_another_service
    up_test.go:114: 	[TestUpWithBuildDependencies/up_with_service_using_image_build_by_an_another_service] docker rmi built-image-dependency
    up_test.go:116: Running command: docker compose --project-directory fixtures/dependencies -f fixtures/dependencies/service-image-depends-on.yaml up -d
    up_test.go:116: assertion failed: 
        Command:  docker compose --project-directory fixtures/dependencies -f fixtures/dependencies/service-image-depends-on.yaml up -d
        ExitCode: 17
        Error:    exit status 17
        Stdout:   
        Stderr:    bar Pulling 
         foo Pulling 
         foo Warning 
         bar Error 
        http: invalid Host header
        
        
        Failures:
        ExitCode was 17 expected 0
        Expected no error****

[thaJeztah]

All green, now that #10810 was merged 🎉

@milas ptal

[codecov]

Codecov Report

Patch coverage has no change and project coverage change: -0.08 ⚠️

Comparison is base (ce8a09b) 59.18% compared to head (49bc060) 59.11%.

Additional details and impacted files

@@            Coverage Diff             @@
##               v2   #10812      +/-   ##
==========================================
- Coverage   59.18%   59.11%   -0.08%     
==========================================
  Files         115      115              
  Lines        9869     9869              
==========================================
- Hits         5841     5834       -7     
- Misses       3436     3440       +4     
- Partials      592      595       +3     

see 5 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.