Go 1.21.3 fixes an important HTTP2 CVE (see CVE-2023-39325 and
CVE-2023-44487). Nomad does not use HTTP2 and is not vulnerable. However we
should pick up the toolchain bump if for no other reason than we don't have to
answer questions about that.
* build: update to go1.21
* go: eliminate helpers in favor of min/max
* build: run go mod tidy
* build: swap depguard for semgrep
* command: fixup broken tls error check on go1.21
Go released a security update to fix build-time code injection and execution via
CGO. This doesn't impact already-released versions of Nomad, just the build
toolchain, so we won't be releasing a Nomad security update to go with it.
This PR update to Go 1.18.2. Also update the versions of hclfmt
and go-hclogfmt which includes newer dependencies necessary for dealing
with go1.18.
The hcl v2 branch is now 'nomad-v2.9.1+tweaks2', to include a fix for
newer macOS versions: 8927e75e82
* go get on the remote mac instance installs with read-only, allow for rm step
* Update scripts/release/mac-remote-build
Co-authored-by: Mahmood Ali <mahmood@hashicorp.com>
Co-authored-by: Mahmood Ali <mahmood@hashicorp.com>
Avoids setting the node version in the release Dockerfile, by using
an alias. This allows us to update the node version in one file only.
Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
Noticed that the structs code-generated parsers is no longer committed
when we cut a release, starting with v0.12. We've been committing
generated code to ease reproduction and rebuilding the tag.
Note for example that `structs.generated.go` was present in the [0.11.3
commit](8918fc804a)
but not in the [0.12.1
one](14a6893a25).
We leave the files ignored, so developers don't accidentally commit them
in local development.
Go 1.14.4 contains two CVEs which are fixed in 1.14.5:
- [CVE-2020-15586](https://golang.org/issue/34902)
- [CVE-2020-14039](https://golang.org/issue/39360)
Upon consideration with HashiCorp security these CVEs are considered low
severity for Nomad and no new security fix binary will be released.
