Address CVE-2024-24790

[ArkaSaha30]

What would you like to be added?

CVE-2024-24790/ GO-2024-2887 was recently published. We need to bump affected go versions:

• go1.22.3 --> go1.22.4 (ref: https://go.dev/doc/devel/release#go1.22.4)
• go1.21.10 --> go1.21.11 (ref: https://go.dev/doc/devel/release#go1.21.11)

Go version bump

• etcd/main: Bump Go version to 1.22.4: CVE 2024-24790 fix #18128
• etcd/release-3.5: [3.5] Bump Go version to 1.21.11: CVE 2024-24790 fix #18129
• etcd/release-3.4: [3.4]Bump Go version to 1.21.11: CVE 2024-24790 fix #18130
• CHANGELOG update: Bump Go version to 1.22.4: CVE 2024-24790 fix #18128
• raft/main: Bump Go version to 1.22.4: CVE 2024-24790 fix raft#202
• bbolt/main: Bump Go version to 1.22.4: CVE 2024-24790 fix bbolt#762
• bbolt/release-1.3: [1.3]Bump Go version to 1.21.11: CVE 2024-24790 fix bbolt#763
• gofail/master: Bump Go version to 1.21.11: CVE 2024-24790 fix gofail#71

Why is this needed?

To keep the Go version up to date and avoid CVEs. The mentioned bumped Go versions includes security fixes to the archive/zip and net/netip packages, as well as bug fixes to the compiler, the go command, the runtime, and the os package.

Ref: golang/go#67680

[ArkaSaha30]

cc @ahrtr @jmhbnz

[henrybear327]

/assign @ArkaSaha30

[ArkaSaha30]

Go Vulnerability Checker started detecting : https://github.com/etcd-io/etcd/actions/runs/9379426032/job/25824345786#step:6:15

[henrybear327]

@ArkaSaha30 maybe add an entry to update the changelog :) So we won't forget!

[ahrtr]

Please also update go version for https://github.com/etcd-io/gofail

[ahrtr]

All done. Thanks @ArkaSaha30