Fix govulncheck failures (9 CVEs in Go dependencies)

PR #6435 adds govulncheck CI. It correctly detects these pre-existing vulnerabilities:

   - GO-2025-4007, GO-2025-4008, GO-2025-4009, GO-2025-4010, GO-2025-4011
   - GO-2025-4012, GO-2025-4013, GO-2025-4155, GO-2026-4603
16 vulnerabilities from Go stdlib + 1 module affect code paths.

## Failing modules
   - `./tool/actions-plan-preview`
   - `./tool/actions-gh-release`
   - `./pkg/app/pipedv1/plugin/*` (multiple)
   - Root module (`.`)


  Main failures:

   - https://github.com/pipe-cd/pipecd/actions/runs/23225026408/job/67505807200 — govulncheck (.)
   - https://github.com/pipe-cd/pipecd/actions/runs/23225026408/job/67505807194 — govulncheck 
  (./pkg/app/pipedv1/plugin/kubernetes)
   - https://github.com/pipe-cd/pipecd/actions/runs/23225026408/job/67505807219 — govulncheck (./tool/actions-plan-preview)

  Full workflow run: https://github.com/pipe-cd/pipecd/actions/runs/23225026408


## Fix approach
   - [ ] Update Go version (if stdlib-related)
   - [ ] Run `go get -u` on affected deps
   - [ ] Re-run `govulncheck ./...` locally
   - [ ] Confirm all pass before merge

   cc @Warashi @khanhtc1202

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix govulncheck failures (9 CVEs in Go dependencies) #6600

Failing modules

Fix approach

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Fix govulncheck failures (9 CVEs in Go dependencies) #6600

Description

Failing modules

Fix approach

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions