Closed Jmainguy closed 1 year ago
it is also fixed in go 1.19.8, nothing in this project is calling a version specifically. I think if a new build was triggered it would likely get the latest 1.x go and be patched. Also since gojq doesn't use templates, it is actually not vulnerable to this either, it just trips some security tools because of the go version being used.
Thanks for letting me know. Since gojq is not affected by the vulnerability of templates, I will bump up the version later and the issue will be resolved eventually.
Hey,
When installing https://github.com/itchyny/gojq/releases/tag/v0.12.12 inside an alpine container, using curl / tar / cp, twistlock (a security scanning tool) triggers off of the gojq binary, and complains about it using go 1.20.1
https://nvd.nist.gov/vuln/detail/CVE-2023-24538
It suggests using go 1.20.3 or higher
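Scanners like the one in this report do not analyse what the binary calls; they read the toolchain version that the Go linker embeds in the executable (the same data `go version -m ./gojq` prints) and compare it with the version range in the advisory. The following is an added example, not code from this issue thread or from gojq, that does that check directly: it locates the Go build-info blob by its magic string, decodes the inline version string that Go 1.18+ toolchains write, and compares it with the fixed releases named above (1.20.3 and 1.19.8). The blob builder `make_buildinfo_blob` is a constructed fixture standing in for a real binary; the layout constants are those used by Go's `debug/buildinfo` package. Whether the flagged code path is actually reachable, as the maintainers explain for gojq and `html/template`, is a separate question that a symbol-level tool such as `govulncheck -mode=binary` answers, not this version check.

```python
import re
import sys

# Layout of the build-info blob a Go toolchain embeds in every binary (what
# `go version -m <binary>` reads via debug/buildinfo): 14-byte magic, one byte
# pointer size, one byte flags, 16 reserved bytes, then the data.
BUILDINFO_MAGIC = b"\xff Go buildinf:"
HEADER_SIZE = 32
FLAG_VERSION_INLINE = 0x2  # Go 1.18+: version and modinfo stored inline as uvarint-prefixed strings


def _read_uvarint(data, pos):
    """Decode an unsigned LEB128 varint at data[pos:]; return (value, next_pos)."""
    value, shift = 0, 0
    while True:
        b = data[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if b < 0x80:
            return value, pos
        shift += 7


def _write_uvarint(n):
    out = bytearray()
    while n >= 0x80:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    out.append(n)
    return bytes(out)


def _read_string(data, pos):
    length, pos = _read_uvarint(data, pos)
    return data[pos:pos + length].decode(), pos + length


def extract_go_version(blob):
    """Return the toolchain version ('go1.20.1') embedded in a Go binary image, or None."""
    idx = blob.find(BUILDINFO_MAGIC)
    if idx < 0:
        return None  # not a Go binary, or build info stripped
    flags = blob[idx + 15]
    if not flags & FLAG_VERSION_INLINE:
        return None  # pre-1.18 layout stores pointers into the data segment; not handled here
    version, _ = _read_string(blob, idx + HEADER_SIZE)
    return version


def parse_go_version(v):
    """'go1.20.1' -> (1, 20, 1); 'go1.20' -> (1, 20, 0). Pre-release suffixes are ignored."""
    m = re.match(r"go(\d+)\.(\d+)(?:\.(\d+))?", v)
    if not m:
        raise ValueError("not a Go version string: %r" % v)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def toolchain_is_patched(version, fixed_versions=("go1.19.8", "go1.20.3")):
    """True if `version` is at or above the fix release of its own minor line.

    A minor line with no listed fix (e.g. go1.21) is treated as released after the fix.
    """
    major, minor, patch = parse_go_version(version)
    for fixed in fixed_versions:
        fmajor, fminor, fpatch = parse_go_version(fixed)
        if (major, minor) == (fmajor, fminor):
            return patch >= fpatch
    newest = max(parse_go_version(f) for f in fixed_versions)
    return (major, minor) > newest[:2]


def make_buildinfo_blob(version, modinfo=""):
    """Constructed stand-in for a Go 1.18+ binary image; a test fixture, not a real ELF file."""
    def enc(s):
        b = s.encode()
        return _write_uvarint(len(b)) + b
    header = BUILDINFO_MAGIC + bytes([8, FLAG_VERSION_INLINE]) + b"\x00" * 16
    return b"\x7fELF" + b"\x00" * 40 + header + enc(version) + enc(modinfo) + b"\x00" * 8


def check_binary(path):
    """Read a real binary from disk and report (version, patched?)."""
    with open(path, "rb") as f:
        version = extract_go_version(f.read())
    if version is None:
        return None, False
    return version, toolchain_is_patched(version)


if __name__ == "__main__":
    # Usage: python check_go_version.py /usr/local/bin/gojq
    ver, ok = check_binary(sys.argv[1])
    print("toolchain: %s  patched: %s" % (ver, ok))
```

Running it against a binary built with go 1.20.1 reports `patched: False`, which is exactly the condition the scanner keys on; a rebuild with a current 1.x toolchain, as suggested in the thread, is what changes the answer.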