Fix security vulnerabilities by using Go 1.19

[nimish22]

What happened?

Security vulnerability scanners like Twistlock and Snyk are reporting security vulnerabilities as terrajet uses <= Go 1.17 to build images. These security vulnerabilities are classified as critical and high severity and are preventing us from using the built images. Some of the CVEs are:

CVE-2021-44716
CVE-2021-41771
CVE-2022-28327
CVE-2022-24675
CVE-2022-24921
CVE-2022-23773
CVE-2022-23772
CVE-2022-23806
CVE-2022-28131
CVE-2022-30580
CVE-2022-30633
CVE-2022-30635
CVE-2022-30629
CVE-2022-30630
CVE-2022-30632
CVE-2022-32189
CVE-2022-30631
CVE-2021-41772

How can we reproduce it?

Point the Snyk to the Git repository to run scurity scan (eg: https://github.com/crossplane-contrib/provider-jet-datadog, https://github.com/crossplane/terrajet). The report points out the security vulnerabilities.

Potential fix?

These CVEs can be resolved by using the Go 1.19.

[muvaf]

From my reading, seems like the minimum Go version that'd remove these CVEs is v1.18.1 , right @nimish22 ?

[nimish22]

@muvaf Thank you for your quick reply and apologies for the confusion!

Twistlock scan has revealed 18 high vulnerabilities. I have updated the complete list above.

The lowest version where these CVEs are resolved is Go 1.18.4 and Go 1.17.12.