[Automation] Bump Golang version to 1.23.5

[github-actions]

Bump golang-version to latest version

Update .go-version

1 file(s) updated with "1.23.5": * .go-version

1.23.5

no GitHub Release found for go1.23.5 on "https://github.com/golang/go"

Update .golangci.yml

1 file(s) updated with "1.23.5": * .golangci.yml

1.23.5

no GitHub Release found for go1.23.5 on "https://github.com/golang/go"

GitHub Action workflow link

---

Created automatically by Updatecli Options: Most of Updatecli configuration is done via its manifest(s). If you close this pull request, Updatecli will automatically reopen it, the next time it runs. If you close this pull request and delete the base branch, Updatecli will automatically recreate it, erasing all previous commits made. Feel free to report any issues at github.com/updatecli/updatecli. If you find this tool useful, do not hesitate to star our GitHub repository as a sign of appreciation, and/or to tell us directly on our chat!

[cmacknz]

#4343 (comment)

This needs a changelog.

Also 8.16 and 8.17 are on outdated versions of Go 1.22.x. We can either backport this there to get the CVE fixes or update to the latest 1.22.

Similarly 7.17 is still on 1.21 and definitely needs an update to either 1.22 and 1.23.

If we are confident 1.23 won't introduce any problems probably simplest to backport this to all of them. I'll add the backport labels for these out of convenience.

That these keep getting closed periodically and recreated with all comments and changes stripped is pretty annoying. @v1v do you know what causes this? Beats and Elastic Agent do the same thing. Probably the GH action is wrong somewhow.

[v1v]

That these keep getting closed periodically and recreated with all comments and changes stripped is pretty annoying. @v1v do you know what causes this? Beats and Elastic Agent do the same thing. Probably the GH action is wrong somewhow.

I see #4343 was closed and it contains 0 changes.

I'll review it. So far, it seems related to updatecli/updatecli#2039 although it talks about different updatecli pipelines... but the behaviour is certainly the same.

This #4343 (comment) closed the PR as a consequence of https://github.com/elastic/fleet-server/actions/runs/12937148219

As far as I see we have not changed the updatecli version in this project for quite some time... So, my first attempt will be to update it

[michel-laterman]

This needs a changelog.
Also 8.16 and 8.17 are on outdated versions of Go 1.22.x. We can either backport this there to get the CVE fixes or update to the latest 1.22.
Similarly 7.17 is still on 1.21 and definitely needs an update to either 1.22 and 1.23.
If we are confident 1.23 won't introduce any problems probably simplest to backport this to all of them. I'll add the backport labels for these out of convenience.

The 7.17, 8.16, 8.17, and 8.x branches are on go v1.23.1, I've added the changelog entry and backport labels

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube