Log message:
Update go117 to 1.17.3.

go1.17.3 (released 2021-11-04) includes security fixes to the archive/zip and
debug/macho packages, as well as bug fixes to the compiler, linker, runtime,
the go command, the misc/wasm directory, and to the net/http and syscall
packages. See the Go 1.17.3 milestone on our issue tracker for details.

Log message:
Update go116 to 1.16.10.

go1.16.10 (released 2021-11-04) includes security fixes to the archive/zip and
debug/macho packages, as well as bug fixes to the compiler, linker, runtime,
the misc/wasm directory, and to the net/http package. See the Go 1.16.10
milestone on our issue tracker for details.

Log message:
Update go117 to 1.17.2.

This minor release includes a security fix according to the new security policy.

When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js,
passing very large arguments can cause portions of the module to be overwritten
with data from the arguments.

If using wasm_exec.js to execute WASM modules, users will need to replace their
copy (as described in https://golang.org/wiki/WebAssembly#getting-started)
after rebuilding any modules.

This is issue 48797 and CVE-2021-38297. Thanks to Ben Lubar for reporting this
issue.

Log message:
Update go116 to 1.16.9.

This minor release includes a security fix according to the new security policy.

When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js,
passing very large arguments can cause portions of the module to be overwritten
with data from the arguments.

If using wasm_exec.js to execute WASM modules, users will need to replace their
copy (as described in https://golang.org/wiki/WebAssembly#getting-started)
after rebuilding any modules.

This is issue 48797 and CVE-2021-38297. Thanks to Ben Lubar for reporting this
issue.

Log message:
go: Add support for GO_EXTRA_MOD_DIRS.

This is a list of extra directories in which to look for go.mod files
when generating the output of show-go-modules.

Log message:
go: not ready for PIE

Log message:
go117: update to 1.17.1 (security).

go1.17.1 (released 2021-09-09) includes a security fix to the archive/zip
package, as well as bug fixes to the compiler, linker, the go command, and to
the crypto/rand, embed, go/types, html/template, and net/http packages.

Log message:
Update go116 to 1.16.8 (security).

go1.16.8 (released 2021-09-09) includes a security fix to the archive/zip
package, as well as bug fixes to the archive/zip, go/internal/gccgoimporter,
html/template, net/http, and runtime/pprof packages.

Log message:
go116: update to 1.16.7.

This minor release includes a security fix according to the new security
policy.

A net/http/httputil ReverseProxy can panic due to a race condition if its
Handler aborts with ErrAbortHandler, for example due to an error in copying the
response body. An attacker might be able to force the conditions leading to the
race condition.

This is issue https://golang.org/issue/46866 and CVE-2021-36221. Thanks to
Andrew Crump (VMware) for reporting this issue.

Log message:
go115: update to 1.15.15.

This minor release includes a security fix according to the new security
policy.

A net/http/httputil ReverseProxy can panic due to a race condition if its
Handler aborts with ErrAbortHandler, for example due to an error in copying the
response body. An attacker might be able to force the conditions leading to the
race condition.

This is issue https://golang.org/issue/46866 and CVE-2021-36221. Thanks to
Andrew Crump (VMware) for reporting this issue.