Need golang version to be updated to 1.18.5 to resolve high level security issues

[muhanator]

Which version of the AzCopy was used?

latest version: @azure-tools/azcopy-linux:10.16.0

Which platform are you using? (ex: Windows, Mac, Linux)

Linux

What command did you run?

We have a node.js based microservice which uses @azure-tools/azcopy-node as dependency (in our package.json)

@azure-tools/azcopy-node uses "@azure-tools/azcopy-linux" as a dependency (in our package-lock.json)

What problem was encountered?

attached is security scan:
Docker_ccss-4.1.0-gl1200247_Security_Export.pdf

We see 16 high level security issues detected in our security scans because we use @azure-tools/azcopy-linux:10.16.0, which uses golang:1.17.9.

How can we reproduce the problem in the simplest way?

Use the npm package @azure-tools/azcopy-linux:10.16.0 from https://www.npmjs.com/package/resolve in your node.js project, build it as a docker image, run a xray security scan (scanning tool used in our case) and you will see multiple high level security issue due to the use of golang:1.17.9 (which is used in @azure-tools/azcopy-linux:10.16.0)

Have you found a mitigation/solution?

Upgrading the golang version to 1.18.5 should resolve the issue, should be a similar fix to 1883a4b

[adreed-msft]

@zezha-msft I'll submit a PR to upgrade our target Go version.

@JasonYeMSFT FYI