prometheus / statsd_exporter

StatsD to Prometheus metrics exporter
Apache License 2.0

Update go to address CVEs #531

Status: Closed (dhaval0603 closed this issue 9 months ago)

dhaval0603 commented 9 months ago

The Go package used in prom/statsd-exporter:v0.26.0 is affected by a number of CVEs. The package needs to be updated to provide security fixes.

Security Reports

Please view all CVEs listed in this report. All CVEs listed here are reported for golang:go:1.19.12:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe%3A2.3%3Aa%3Agolang%3Ago%3A1.19.12%3A*%3A*%3A*%3A*%3A*%3A*%3A*

Evidence

The Go packaged in prom/statsd-exporter:v0.26.0 still contains go 1.19.12. See this "Build context" line: context="(go=go1.19.12, platform=linux/amd64, user=root@28e79991cb35, date=20231206-09:59:46, tags=netgo static_build)"

❯ docker run -it prom/statsd-exporter:v0.26.0
Unable to find image 'prom/statsd-exporter:v0.26.0' locally
v0.26.0: Pulling from prom/statsd-exporter
Digest: sha256:a3924f9429c8237293336ff40c5a246238ff9f64aaf712521b2d29f45d6214d5
Status: Downloaded newer image for prom/statsd-exporter:v0.26.0
ts=2024-01-09T19:51:53.636Z caller=main.go:300 level=info msg="Starting StatsD -> Prometheus Exporter" version="(version=0.26.0, branch=HEAD, revision=2c7fd1edd4bdf01982a648b689da10e5bcff860d)"
ts=2024-01-09T19:51:53.636Z caller=main.go:301 level=info msg="Build context" context="(go=go1.19.12, platform=linux/amd64, user=root@28e79991cb35, date=20231206-09:59:46, tags=netgo static_build)"
ts=2024-01-09T19:51:53.638Z caller=main.go:350 level=info msg="Accepting StatsD Traffic" udp=:9125 tcp=:9125 unixgram=
ts=2024-01-09T19:51:53.638Z caller=main.go:351 level=info msg="Accepting Prometheus Requests" addr=:9102
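The evidence above relies on reading the Go toolchain version out of the exporter's "Build context" startup line. The following is an added example, not code from the statsd_exporter project or from the issue author, showing how a deployment check can parse that line and flag a binary whose embedded toolchain is older than a required minimum. The sample log line is the one quoted in the issue; the minimum version is a placeholder assumption to be replaced with the patched Go release identified from the NVD entries.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// sampleLine is the "Build context" line quoted in the issue above (constructed
// sample input for this example; in practice read the exporter's stdout/stderr).
const sampleLine = `ts=2024-01-09T19:51:53.636Z caller=main.go:301 level=info msg="Build context" context="(go=go1.19.12, platform=linux/amd64, user=root@28e79991cb35, date=20231206-09:59:46, tags=netgo static_build)"`

// goVersionRe matches the go=go<major>.<minor>[.<patch>] field inside the
// context="(...)" value. The \b stops "tags=netgo" from matching.
var goVersionRe = regexp.MustCompile(`\bgo=go(\d+)\.(\d+)(?:\.(\d+))?`)

// GoVersion is a parsed toolchain version such as go1.19.12.
type GoVersion struct{ Major, Minor, Patch int }

// ParseGoVersion extracts the toolchain version from a single statsd_exporter
// "Build context" log line. ok is false for any other line or if the go= field
// is missing, so callers never act on a zero version.
func ParseGoVersion(line string) (v GoVersion, ok bool) {
	if !strings.Contains(line, `msg="Build context"`) {
		return GoVersion{}, false
	}
	m := goVersionRe.FindStringSubmatch(line)
	if m == nil {
		return GoVersion{}, false
	}
	v.Major, _ = strconv.Atoi(m[1]) // digits guaranteed by the regexp
	v.Minor, _ = strconv.Atoi(m[2])
	if m[3] != "" {
		v.Patch, _ = strconv.Atoi(m[3])
	}
	return v, true
}

// Less reports whether v is strictly older than other (numeric, not lexical,
// so go1.9 sorts before go1.19).
func (v GoVersion) Less(other GoVersion) bool {
	if v.Major != other.Major {
		return v.Major < other.Major
	}
	if v.Minor != other.Minor {
		return v.Minor < other.Minor
	}
	return v.Patch < other.Patch
}

func (v GoVersion) String() string {
	return fmt.Sprintf("go%d.%d.%d", v.Major, v.Minor, v.Patch)
}

// CheckBuildContext scans captured exporter log output for the Build context
// line and reports whether the embedded toolchain is older than minimum.
// found is false when no Build context line was present, which a caller should
// treat as "unknown", not as "patched".
func CheckBuildContext(logOutput string, minimum GoVersion) (found, outdated bool, got GoVersion) {
	for _, line := range strings.Split(logOutput, "\n") {
		if v, ok := ParseGoVersion(line); ok {
			return true, v.Less(minimum), v
		}
	}
	return false, false, GoVersion{}
}

func main() {
	// Placeholder assumption: substitute the Go release that carries the fixes
	// for the CVEs that apply to your deployment.
	minimum := GoVersion{Major: 1, Minor: 21, Patch: 0}
	found, outdated, got := CheckBuildContext(sampleLine, minimum)
	switch {
	case !found:
		fmt.Println("no Build context line found; toolchain version unknown")
	case outdated:
		fmt.Printf("OUTDATED: built with %s, minimum required %s\n", got, minimum)
	default:
		fmt.Printf("ok: built with %s (>= %s)\n", got, minimum)
	}
}
```

Feeding `docker run prom/statsd-exporter:v0.26.0` output through `CheckBuildContext` gives the same conclusion the issue reaches by eye (go1.19.12 is older than any patched release you would set as the minimum), and the "not found" case is kept separate from "ok" so a log format change cannot silently pass the check.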