build: bump to go 1.21.3 (#18717)

Go 1.21.3 fixes an important HTTP2 CVE (see CVE-2023-39325 and CVE-2023-44487). Nomad does not use HTTP2 and is not vulnerable. However we should pick up the toolchain bump if for no other reason than we don't have to answer questions about that.
2026-01-01 16:05:42 +03:00 · 2023-10-10 16:37:24 -04:00
parent ef6814388c
commit 635afee376
5 changed files with 7 additions and 4 deletions
--- a/scripts/linux-priv-go.sh
+++ b/scripts/linux-priv-go.sh
@@ -21,7 +21,7 @@ case $(arch) in
 esac

 function install_go() {
-	local go_version="1.21.0"
+	local go_version="1.21.3"
 	local download="https://storage.googleapis.com/golang/go${go_version}.linux-${ARCH}.tar.gz"

 	if go version 2>&1 | grep -q "${go_version}"; then
--- a/scripts/release/mac-remote-build
+++ b/scripts/release/mac-remote-build
@@ -56,7 +56,7 @@ REPO_PATH="${TMP_WORKSPACE}/gopath/src/github.com/hashicorp/nomad"
 mkdir -p "${TMP_WORKSPACE}/tmp"

 install_go() {
-  local go_version="1.21.0"
+  local go_version="1.21.3"
  local download=

  download="https://storage.googleapis.com/golang/go${go_version}.darwin-amd64.tar.gz"