Skip to content

Bump Go toolchain to 1.26.2 for CVE fix#3336

Merged
rossnelson merged 2 commits intomainfrom
dt-3889-bump-go-version-cve
Apr 22, 2026
Merged

Bump Go toolchain to 1.26.2 for CVE fix#3336
rossnelson merged 2 commits intomainfrom
dt-3889-bump-go-version-cve

Conversation

@rossnelson
Copy link
Copy Markdown
Collaborator

@rossnelson rossnelson commented Apr 21, 2026
edited
Loading

Summary

  • server/Dockerfile: golang:1.25.7-alpine3.23golang:1.26.2-alpine3.23 (both builder stages)
  • server/go.mod: go 1.24.11go 1.26.2
  • .tool-versions: golang 1.24.11golang 1.26.2

Addresses known CVEs in Go 1.25.7 and 1.26.1 affecting the ui:2.48.4 image and the bundled CLI.

Test plan

  • CI test.yml shows Setup Go resolved to 1.26.2
  • CI playwright.yml green
  • grep -c 'golang:1.26.2-alpine3.23' server/Dockerfile prints 2
  • Post-merge: security scan no longer reports Go 1.25.7 / 1.26.1 CVEs on the ui image

@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 21, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
holocene Ready Ready Preview, Comment Apr 22, 2026 3:19pm

Request Review

@rossnelson rossnelson changed the title [DT-3889] Bump Go toolchain to 1.26.2 for CVE fix Bump Go toolchain to 1.26.2 for CVE fix Apr 21, 2026
@rossnelson rossnelson force-pushed the dt-3889-bump-go-version-cve branch from cad4696 to be6110f Compare April 22, 2026 14:34
@rossnelson rossnelson force-pushed the dt-3889-bump-go-version-cve branch from be6110f to da5c738 Compare April 22, 2026 15:06
@rossnelson rossnelson marked this pull request as ready for review April 22, 2026 15:16
@rossnelson rossnelson requested a review from a team as a code owner April 22, 2026 15:16
@rossnelson rossnelson merged commit fccd87f into main Apr 22, 2026
17 checks passed
@rossnelson rossnelson deleted the dt-3889-bump-go-version-cve branch April 22, 2026 15:46
@temporal-cicd temporal-cicd Bot mentioned this pull request Apr 22, 2026
Merged
rossnelson added a commit that referenced this pull request Apr 22, 2026
@temporal-cicd @rossnelson
chore: bump version to 2.49.1 (#3341)
c2c5834 
Auto-generated version bump from 2.49.0 to 2.49.1

Bump type: patch

Changes included:
- [`fccd87f9`](fccd87f) Bump Go toolchain to 1.26.2 for CVE fix (#3336)
- [`0361e3e9`](0361e3e) Add manual refresh of call stack (#3330)
- [`17293020`](1729302) refactor: move fetchDeployment into Deployment component (#3340)

Co-authored-by: rossnelson <146089+rossnelson@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rodrigozhou rodrigozhou rodrigozhou approved these changes

@rossedfort rossedfort rossedfort approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rossnelson @rodrigozhou @rossedfort