From 32938b1abc430a73a89cacf5c30fda2d63cd6be0 Mon Sep 17 00:00:00 2001
From: hc-github-team-consul-core <github-team-consul-core@hashicorp.com>
Date: Wed, 3 Jul 2024 11:07:01 -0700
Subject: [PATCH] Backport of NET-10288-Bump-go-to-resolve-CVE-2024-24791 into
 release/1.19.x (#21513)

* backport of commit 764532e82c9fe1460fdc6892e6e9024542e7b391

* backport of commit 61ee7f8d520d9cdd901a26ade6259cfb5d105786

* backport of commit d7da6ce5fe7cdcc28eada1e21439c734077ef2f1

---------

Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
---
 .changelog/21507.txt | 3 +++
 .go-version          | 2 +-
 go.mod               | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 .changelog/21507.txt

diff --git a/.changelog/21507.txt b/.changelog/21507.txt
new file mode 100644
index 000000000000..e06736fdbce5
--- /dev/null
+++ b/.changelog/21507.txt
@@ -0,0 +1,3 @@
+```release-note:security
+Upgrade go version to 1.22.5 to address [CVE-2024-24791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791)
+```
\ No newline at end of file
diff --git a/.go-version b/.go-version
index 2a0ba77cc5e3..054c858fbf36 100644
--- a/.go-version
+++ b/.go-version
@@ -1 +1 @@
-1.22.4
+1.22.5
\ No newline at end of file
diff --git a/go.mod b/go.mod
index 40dfce90cc74..00457c54bc7b 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module github.com/hashicorp/consul
 
 go 1.20
 
-toolchain go1.22.4
+toolchain go1.22.5
 
 replace (
 	github.com/hashicorp/consul/api => ./api