Bump golang 1.25.7 + golangci-lint #1784

Merged
devacts merged 3 commits into carvel-dev:develop from sameerforge:bump-golang-1.25.5
Feb 17, 2026
@sameerforge sameerforge commented Jan 30, 2026

What this PR does / why we need it:

This PR fixes golang CVEs by updating golang to 1.25.7.

Which issue(s) this PR fixes:

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │  Fixed Version  │                            Title                             │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2025-61726 │ HIGH     │ fixed  │ v1.25.5           │ 1.24.12, 1.25.7 │ golang: net/url: Memory exhaustion in query parameter        │
│         │                │          │        │                   │                 │ parsing in net/url                                           │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-61726                   │
│         ├────────────────┤          │        │                   │                 ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-61728 │          │        │                   │                 │ golang: archive/zip: Excessive CPU consumption when building │
│         │                │          │        │                   │                 │ archive index in archive/zip                                 │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-61728                   │
│         ├────────────────┼──────────┤        │                   │                 ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-61730 │ MEDIUM   │        │                   │                 │ During the TLS 1.3 handshake if multiple messages are sent   │
│         │                │          │        │                   │                 │ in records...                                                │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-61730                   │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴──────────────────────────────────────────────────────────────┘

Fixes #

Does this PR introduce a user-facing change?


Additional Notes for your reviewer:

Review Checklist:
  • Follows the developer guidelines
  • Relevant tests are added or updated
  • Relevant docs in this repo added or updated
  • Relevant carvel.dev docs added or updated in a separate PR and there's
    a link to that PR
  • Code is at least as readable and maintainable as it was before this
    change

Additional documentation e.g., Proposal, usage docs, etc.:


sameerforge and others added 3 commits February 16, 2026 18:12
Signed-off-by: Sameer <sameer.khan@broadcom.com>

Bump golang 1.25.7

Signed-off-by: Unnati Mishra <unnati.mishra@broadcom.com>

Bump golang to 1.25.6 to fix CVEs

Signed-off-by: Unnati Mishra <unnati.mishra@broadcom.com>
Signed-off-by: Unnati Mishra <unnati.mishra@broadcom.com>
Signed-off-by: Unnati Mishra <unnati.mishra@broadcom.com>
@CodesbyUnnati CodesbyUnnati changed the title Bump golang + golangci-lint Bump golang 1.25.7 + golangci-lint Feb 16, 2026
@devacts devacts merged commit 81d71a4 into carvel-dev:develop Feb 17, 2026
11 checks passed
@github-project-automation github-project-automation bot moved this to Closed in Carvel Feb 17, 2026