From dccc21bb691e4d515eb236ca00a655ab50daa029 Mon Sep 17 00:00:00 2001 
From: Benjamin Wang Date: Fri, 9 Dec 2022 07:39:57 +0800 Subject: [PATCH] bump go 1.19.4 $ govulncheck ./... govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback. Scanning for dependencies with known vulnerabilities... Found 1 known vulnerability. Vulnerability #1: GO-2022-1144 An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. Call stacks in your code: tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls golang.org/x/net/http2.ConfigureServer$1 Found in: golang.org/x/net/http2@v0.2.0 Fixed in: golang.org/x/net/http2@v1.19.4 More info: https://pkg.go.dev/vuln/GO-2022-1144 Vulnerability #2: GO-2022-1144 An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. 
Call stacks in your code: contrib/lock/storage/storage.go:106:28: go.etcd.io/etcd/v3/contrib/lock/storage.main calls net/http.ListenAndServe contrib/raftexample/httpapi.go:113:31: go.etcd.io/etcd/v3/contrib/raftexample.serveHTTPKVAPI$1 calls net/http.Server.ListenAndServe tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls net/http.Serve tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls net/http.Server.Serve Found in: net/http@go1.19.3 Fixed in: net/http@go1.19.4 More info: https://pkg.go.dev/vuln/GO-2022-1144 Signed-off-by: Benjamin Wang
---
 .github/workflows/build.yaml | 2 +-
 .github/workflows/contrib.yaml | 2 +-
 .github/workflows/coverage.yaml | 2 +-
 .github/workflows/e2e.yaml | 2 +-
 .github/workflows/functional.yaml | 2 +-
 .github/workflows/fuzzing.yaml | 2 +-
 .github/workflows/govuln.yaml | 2 +-
 .github/workflows/grpcproxy.yaml | 2 +-
 .github/workflows/linearizability-nightly.yaml | 2 +-
 .github/workflows/linearizability.yaml | 2 +-
 .github/workflows/release.yaml | 2 +-
 .github/workflows/static-analysis.yaml | 2 +-
 .github/workflows/tests.yaml | 2 +-
 tests/functional/Dockerfile | 2 +-
 tests/manual/Makefile | 2 +-
 15 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index c3aa840dba6..3b62c733e95 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -22,7 +22,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
 with:
- go-version: "1.19.3"
+ go-version: "1.19.4"
 - env:
 TARGET: ${{ matrix.target }}
 run: |
diff --git a/.github/workflows/contrib.yaml b/.github/workflows/contrib.yaml
index a1429c9fdff..367baa678f8 100644
--- a/.github/workflows/contrib.yaml
+++ b/.github/workflows/contrib.yaml
@@ -8,5 +8,5 @@ jobs:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
 with:
- go-version: "1.19.3"
+ go-version: "1.19.4"
 - run: make -C contrib/mixin tools test
diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml
index c5225f7f9c5..c11daf523ab 100644
--- a/.github/workflows/coverage.yaml
+++ b/.github/workflows/coverage.yaml
@@ -13,7 +13,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
 with:
- go-version: "1.19.3"
+ go-version: "1.19.4"
 - env:
 TARGET: ${{ matrix.target }}
 run: |
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 553a726b8e0..25a66570750 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -14,7 +14,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
 with:
- go-version: "1.19.3"
+ go-version: "1.19.4"
 - run: date
 - env:
 TARGET: ${{ matrix.target }}
diff --git a/.github/workflows/functional.yaml b/.github/workflows/functional.yaml
index d39d9a0241e..16fbebda7b9 100644
--- a/.github/workflows/functional.yaml
+++ b/.github/workflows/functional.yaml
@@ -13,7 +13,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
 with:
- go-version: "1.19.3"
+ go-version: "1.19.4"
 - run: date
 - env:
 TARGET: ${{ matrix.target }}
diff --git a/.github/workflows/fuzzing.yaml b/.github/workflows/fuzzing.yaml
index 75bf98a44db..bc80bc20b03 100644
--- a/.github/workflows/fuzzing.yaml
+++ b/.github/workflows/fuzzing.yaml
@@ -12,7 +12,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
 with:
- go-version: "1.19.3"
+ go-version: "1.19.4"
 - run: GOARCH=amd64 CPU=4 make fuzz
 - uses: actions/upload-artifact@v2
 if: failure()
diff --git a/.github/workflows/govuln.yaml b/.github/workflows/govuln.yaml
index 8794daf07f6..9672326468e 100644
--- a/.github/workflows/govuln.yaml
+++ b/.github/workflows/govuln.yaml
@@ -8,6 +8,6 @@ jobs:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
 with:
- go-version: "1.19.3"
+ go-version: "1.19.4"
 - run: date
 - run: go install golang.org/x/vuln/cmd/govulncheck@latest && govulncheck ./...
diff --git a/.github/workflows/grpcproxy.yaml b/.github/workflows/grpcproxy.yaml
index d5fefb4fc30..ccaa627d3cb 100644
--- a/.github/workflows/grpcproxy.yaml
+++ b/.github/workflows/grpcproxy.yaml
@@ -14,7 +14,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
 with:
- go-version: "1.19.3"
+ go-version: "1.19.4"
 - run: date
 - env:
 TARGET: ${{ matrix.target }}
diff --git a/.github/workflows/linearizability-nightly.yaml b/.github/workflows/linearizability-nightly.yaml
index 819f6d7a1ee..aa71d2985b3 100644
--- a/.github/workflows/linearizability-nightly.yaml
+++ b/.github/workflows/linearizability-nightly.yaml
@@ -12,7 +12,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
 with:
- go-version: "1.19.3"
+ go-version: "1.19.4"
 - run: |
 make gofail-enable
 make build
diff --git a/.github/workflows/linearizability.yaml b/.github/workflows/linearizability.yaml
index c61b49cafcb..a275a8c20b2 100644
--- a/.github/workflows/linearizability.yaml
+++ b/.github/workflows/linearizability.yaml
@@ -8,7 +8,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
 with:
- go-version: "1.19.3"
+ go-version: "1.19.4"
 - run: |
 make gofail-enable
 make build
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 4bf0c83475e..2feceb09107 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -8,7 +8,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
 with:
- go-version: "1.19.3"
+ go-version: "1.19.4"
 - run: |
 git config --global user.email "github-action@etcd.io"
 git config --global user.name "Github Action"
diff --git a/.github/workflows/static-analysis.yaml b/.github/workflows/static-analysis.yaml
index 8905f46ced8..0d65934b818 100644
--- a/.github/workflows/static-analysis.yaml
+++ b/.github/workflows/static-analysis.yaml
@@ -8,7 +8,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
 with:
- go-version: "1.19.3"
+ go-version: "1.19.4"
 - name: golangci-lint
 uses: golangci/golangci-lint-action@v3
 with:
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 11ee3240ce3..7aa77b528a2 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -17,7 +17,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
 with:
- go-version: "1.19.3"
+ go-version: "1.19.4"
 - run: date
 - env:
 TARGET: ${{ matrix.target }}
diff --git a/tests/functional/Dockerfile b/tests/functional/Dockerfile
index eec85ca1d77..db8cf3d57a7 100644
--- a/tests/functional/Dockerfile
+++ b/tests/functional/Dockerfile
@@ -13,7 +13,7 @@ RUN dnf check-update || true \
 ENV GOROOT /usr/local/go
 ENV GOPATH /go
 ENV PATH ${GOPATH}/bin:${GOROOT}/bin:${PATH}
-ENV GO_VERSION 1.19.3
+ENV GO_VERSION 1.19.4
 ENV GO_DOWNLOAD_URL https://storage.googleapis.com/golang
 RUN rm -rf ${GOROOT} \
 && curl -s ${GO_DOWNLOAD_URL}/go${GO_VERSION}.linux-amd64.tar.gz | tar -v -C /usr/local/ -xz \
diff --git a/tests/manual/Makefile b/tests/manual/Makefile
index 399af5eba8c..78b08d69930 100644
--- a/tests/manual/Makefile
+++ b/tests/manual/Makefile
@@ -1,5 +1,5 @@
 TMP_DOCKERFILE:=$(shell mktemp)
-GO_VERSION ?= 1.19.3
+GO_VERSION ?= 1.19.4
 TMP_DIR_MOUNT_FLAG = --tmpfs=/tmp:exec
 ifdef HOST_TMP_DIR
 TMP_DIR_MOUNT_FLAG = --mount type=bind,source=$(HOST_TMP_DIR),destination=/tmp