From 8e85cac013f9cc1064c2e1f666945b7d80a6226b Mon Sep 17 00:00:00 2001
From: Jamie Magee <jamagee@microsoft.com>
Date: Tue, 5 Mar 2024 15:41:19 -0800
Subject: [PATCH] Bump go from `1.22.0` to `1.22.1` (#292)

* Bump go from `1.22.0` to `1.22.1`

This resolves:

- CVE-2024-24783
- CVE-2023-45290
- CVE-2023-45289

See https://go.dev/doc/devel/release#go1.22.1

* Retrieve go version from `go.mod`
---
 .github/workflows/ci.yml              | 4 ++--
 .github/workflows/codeql-analysis.yml | 2 +-
 .github/workflows/release.yml         | 2 +-
 .github/workflows/smoke.yml           | 2 +-
 go.mod                                | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5bd7a6d..7eca026 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.22
+          go-version-file: go.mod
 
       - name: Build
         run: go build -v ./...
@@ -33,7 +33,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.22
+          go-version-file: go.mod
 
       - name: Run go vet
         run: go vet ./...
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 156ca46..3045d31 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -38,7 +38,7 @@ jobs:
     # The runner ships with v1.20.14
     - uses: actions/setup-go@v5
       with:
-        go-version: '1.22'
+        go-version-file: go.mod
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f0e1cb4..1338780 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,7 +24,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: wangyoucao577/go-release-action@v1.49
         with:
-          goversion: 1.22.0 # needs the patch specified
+          goversion: go.mod
           github_token: ${{ secrets.GITHUB_TOKEN }}
           goos: ${{ matrix.goos }}
           goarch: ${{ matrix.goarch }}
diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml
index 4f0dd94..37f9b14 100644
--- a/.github/workflows/smoke.yml
+++ b/.github/workflows/smoke.yml
@@ -32,7 +32,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.22
+          go-version-file: go.mod
 
       # Download the Proxy cache. The job is ideally 100% cached so no real calls are made.
       - name: Download cache
diff --git a/go.mod b/go.mod
index 5b4ba5a..05692e5 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/dependabot/cli
 
-go 1.22
+go 1.22.1
 
 require (
 	github.com/MakeNowJust/heredoc v1.0.0