crossplane / terrajet

Generate Crossplane Providers from any Terraform Provider
https://crossplane.io
Apache License 2.0

Fix security vulnerabilities by using Go 1.19 #295

Open nimish22 opened 2 years ago

nimish22 commented 2 years ago

What happened?

Security vulnerability scanners like Twistlock and Snyk are reporting security vulnerabilities as terrajet uses <= Go 1.17 to build images. These security vulnerabilities are classified as critical and high severity and are preventing us from using the built images. Some of the CVEs are:

CVE-2021-44716 CVE-2021-41771 CVE-2022-28327 CVE-2022-24675 CVE-2022-24921 CVE-2022-23773 CVE-2022-23772 CVE-2022-23806 CVE-2022-28131 CVE-2022-30580 CVE-2022-30633 CVE-2022-30635 CVE-2022-30629 CVE-2022-30630 CVE-2022-30632 CVE-2022-32189 CVE-2022-30631 CVE-2021-41772

How can we reproduce it?

Point Snyk to the Git repository to run a security scan (e.g. https://github.com/crossplane-contrib/provider-jet-datadog, https://github.com/crossplane/terrajet). The report points out the security vulnerabilities.

Potential fix?

These CVEs can be resolved by using Go 1.19.

muvaf commented 2 years ago

From my reading, seems like the minimum Go version that'd remove these CVEs is v1.18.1, right @nimish22?

nimish22 commented 2 years ago

@muvaf Thank you for your quick reply and apologies for the confusion!

Twistlock scan has revealed 18 high vulnerabilities. I have updated the complete list above.

The lowest version where these CVEs are resolved is Go 1.18.4 and Go 1.17.12.
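A check an image consumer or maintainer could run to confirm which toolchain a shipped provider binary was actually built with, using the fixed releases settled on in this thread (1.17.12 on the 1.17 line, 1.18.4 on the 1.18 line, or anything 1.19+). This is an added example in Go, not code from the terrajet project; it reads the toolchain version recorded in the binary via the standard `debug/buildinfo` package, and the binary path is whatever the caller supplies.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Lowest patched release per minor line, as stated in the thread; older lines
// (e.g. go1.16) have no fixed release here and count as unpatched.
var minPatched = map[int]int{17: 12, 18: 4}

// IsPatched reports whether a toolchain string such as "go1.18.4" is at or above
// the fixed release for its minor line or on a newer line; "go1.19" means patch 0.
func IsPatched(v string) (bool, error) {
	parts := strings.Split(strings.TrimPrefix(v, "go"), ".")
	if len(parts) < 2 || len(parts) > 3 || parts[0] != "1" {
		return false, fmt.Errorf("unrecognised Go version %q", v)
	}
	minor, err := strconv.Atoi(parts[1])
	patch := 0
	if err == nil && len(parts) == 3 {
		patch, err = strconv.Atoi(parts[2])
	}
	if err != nil { // also rejects pre-releases such as "go1.19rc1"
		return false, fmt.Errorf("bad Go version %q: %w", v, err)
	}
	if want, ok := minPatched[minor]; ok {
		return patch >= want, nil
	}
	return minor > 18, nil
}

// CheckBinary reads the toolchain version recorded in a compiled Go binary
// (the same data `go version <binary>` prints) and applies IsPatched to it.
func CheckBinary(path string) (string, bool, error) {
	bi, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", false, err
	}
	ok, err := IsPatched(bi.GoVersion)
	return bi.GoVersion, ok, err
}

// Usage: go run . /path/to/provider-binary [...]
func main() {
	for _, p := range os.Args[1:] {
		v, ok, err := CheckBinary(p)
		fmt.Printf("%s: version=%q patched=%v err=%v\n", p, v, ok, err)
	}
}
```

Running this against the binary extracted from a built provider image tells you directly whether the toolchain bump landed, independent of what the scanner's database says.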