From 0aa2df1027556be3b580ab6a5d063199a530e9ed Mon Sep 17 00:00:00 2001 From: Lucas Bajolet Date: Mon, 12 Dec 2022 14:09:08 -0500 Subject: [PATCH] go-version: bump to 1.18.9 The go 1.18.9 version fixes a vulnerability GO-2022-1144, which concerns the net/http and golang.org/x/net packages. These are used in the codebase, and therefore automated tools report the generated binaries as vulnerable to this. Note that while Packer is indeed vulnerable to this, this is a DoS attack. This is therefore unlikely to impact Packer severely, especially as it requires a deliberate attempt to provoke an OOM/excessive GC cycles. Nonetheless, since this vulnerability is fixed with go 1.18.9, we bump the version used to build/test the tools to this version. --- .go-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.go-version b/.go-version index 8e8b0a933..cafc0b7ad 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.18.5 +1.18.9
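Review bot: The `-1.18.5` / `+1.18.9` change in `.go-version` only moves the toolchain, so it covers the standard-library `net/http` half of GO-2022-1144 but not `golang.org/x/net`, which the commit message also names as affected and used in the codebase. That package is a module dependency whose version is pinned in `go.mod`, and this patch touches one file only (`1 file changed`), so whatever `golang.org/x/net` version is currently required is still what gets compiled into the binaries. Check the `golang.org/x/net` requirement in `go.mod` and bump it to a release that carries the fix in the same change, or state in the message that it is handled separately; otherwise the automated tools mentioned in the message may keep flagging the binaries. Running `govulncheck` against a binary built with the new toolchain would confirm that GO-2022-1144 is no longer reported.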