
fix: CVE-2025-61726 - upgrade go version to >1.25.5 #2745

Open
infernus01 wants to merge 1 commit into tektoncd:release-v0.37.3 from infernus01:CVE-2025-61726-v0.37.3

@infernus01
Member

Changes

Scope of this fix is to address CVE-2025-61726 by upgrading go version above 1.25.5

/kind bug

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes tests (if functionality changed/added)
  • Run the code checkers with make check
  • Regenerate the manpages, docs and go formatting with make generated
  • Commit messages follow commit message best practices

See the contribution guide
for more details.

Release Notes

@tekton-robot tekton-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/bug Categorizes issue or PR as related to a bug. labels Feb 25, 2026
@tekton-robot tekton-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Feb 25, 2026
@chmouel
Member

chmouel commented Feb 25, 2026

there is no make vendor or something to be done here as well?

@infernus01
Member Author

I did that - go mod tidy, then go mod vendor, but got nothing from them.

@chmouel
Member

chmouel commented Feb 25, 2026

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Feb 25, 2026
@chmouel
Member

chmouel commented Feb 25, 2026

/ok-to-test

@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 4de15ec to 764ee41 Compare February 26, 2026 07:03
@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Feb 26, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 764ee41 to 76f8604 Compare February 26, 2026 07:05
@tekton-robot tekton-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Feb 26, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 76f8604 to 9e24aca Compare February 26, 2026 07:08
@tekton-robot tekton-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 26, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch 8 times, most recently from 72ccd68 to 27b4793 Compare February 26, 2026 07:54
@tekton-robot tekton-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 26, 2026
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 27b4793 to 072c676 Compare February 26, 2026 08:01
@tekton-robot tekton-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Feb 26, 2026
@pratap0007
Contributor

/lgtm
/approve

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Feb 26, 2026
@tekton-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: pratap0007
To complete the pull request process, please ask for approval from chmouel after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
