Update Go to 1.24.6 to address known CVEs

## Description

Update Go from 1.24.0 to 1.24.6 to address 6 known CVEs detected by Trivy security scanning.

## Background

Security scanning implemented in #123 detected the following vulnerabilities in Go 1.24.0:

**HIGH severity:**
- CVE-2025-22874: crypto/x509 policy validation issue
- CVE-2025-47907: database/sql race condition

**MEDIUM severity:**
- CVE-2025-0913: os/syscall O_CREATE handling issue
- CVE-2025-22871: net/http request smuggling vulnerability
- CVE-2025-4673: net/http sensitive headers exposure
- CVE-2025-47906: os/exec LookPath security issue

All of these CVEs are fixed in Go 1.24.6.

## Tasks

- [ ] Update `go.mod` to require Go 1.24.6
- [ ] Run `go mod tidy`
- [ ] Update any CI workflows that specify Go version
- [ ] Verify all tests pass with new Go version
- [ ] Run security scans to confirm CVEs are resolved

## References

- Related to #123 (security scanning implementation)
- [Go 1.24.6 release notes](https://go.dev/doc/devel/release#go1.24.6)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update Go to 1.24.6 to address known CVEs #125

Description

Background

Tasks

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Update Go to 1.24.6 to address known CVEs #125

Description

Description

Background

Tasks

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions