fix(security): upgrade Go to 1.25.5 to fix CVE-2025-61729 #1073
GrammaTonic merged 1 commit into main
- Update Go version from 1.25.4 to 1.25.5 in Dockerfile.chrome-go
- Fixes HIGH severity vulnerability in stdlib HostnameError.Error()
- Prevents excessive resource consumption from malicious certificates
- Resolves quadratic runtime issue in error string construction

Fixes: CVE-2025-61729
Related: https://github.com/GrammaTonic/github-runner/security/code-scanning/5682
Summary of Changes

Hello @GrammaTonic, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a critical security update by upgrading the Go version used in the

Highlights
Code Review
This pull request correctly upgrades the Go version to 1.25.5 in docker/Dockerfile.chrome-go to mitigate the security vulnerability CVE-2025-61729. The change is accurate and necessary. While the change in this PR is correct, I've identified that the old Go version 1.25.4 is still referenced in other parts of the repository, which could cause inconsistencies. Specifically, docker/docker-compose.chrome-go.yml sets a default GO_VERSION environment variable to 1.25.4, and docs/features/MULTI_ARCH_CONTAINERS.md references GO_VERSION=1.25.4 in a code example. To ensure consistency and prevent potential issues, I recommend updating these references to 1.25.5 in a follow-up pull request. Apart from this observation, the current change is good to go.
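A check for the leftover pins described in the review above, as an added example that is not part of the pull request or the repository. The file names are the ones the review mentions; the file contents, the function names, and the assumption that pins are written as `GO_VERSION=x.y.z`, `GO_VERSION: x.y.z` or `${GO_VERSION:-x.y.z}` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the pull request): list GO_VERSION pins that still
# point at a release other than the patched one. Function names are hypothetical.

# Print "path:line:version" for each GO_VERSION pin under $1 that is not $2.
# Assumes pins look like GO_VERSION=1.2.3, GO_VERSION: 1.2.3 or ${GO_VERSION:-1.2.3}.
find_stale_go_pins() {
  grep -rnoE 'GO_VERSION[^0-9]{1,4}[0-9]+\.[0-9]+\.[0-9]+' "$1" |
    sed -E 's/GO_VERSION[^0-9]+([0-9.]+)$/\1/' |
    awk -F: -v want="$2" '($NF "") != (want "")' |
    sort
}

# CI gate: exit status 0 only when no stale pin remains under $1.
check_go_pins() {
  stale=$(find_stale_go_pins "$1" "$2")
  [ -z "$stale" ] && return 0
  printf '%s\n' "$stale" | sed 's/^/stale Go pin: /' >&2
  return 1
}

# Build a throwaway tree with constructed file contents and print its path.
make_sample_repo() {
  d=$(mktemp -d)
  mkdir -p "$d/docker" "$d/docs/features"
  printf 'ARG GO_VERSION=1.25.5\n' > "$d/docker/Dockerfile.chrome-go"
  printf 'services:\n  runner:\n    environment:\n      - GO_VERSION=${GO_VERSION:-1.25.4}\n' \
    > "$d/docker/docker-compose.chrome-go.yml"
  printf 'docker build --build-arg GO_VERSION=1.25.4 .\n' \
    > "$d/docs/features/MULTI_ARCH_CONTAINERS.md"
  echo "$d"
}

# Demo on the constructed tree: the compose default and the docs example are reported.
repo=$(make_sample_repo)
find_stale_go_pins "$repo" 1.25.5
rm -rf "$repo"
```

Run as a CI step, `check_go_pins . 1.25.5` fails the build while any pin still differs from the patched version.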
Back-sync after PR #1073 (CVE-2025-61729 security fix) was merged to main. This prevents develop from appearing ahead of main and ensures branches stay synchronized.
📋 Pull Request Description
🔀 Merge Strategy
This repository uses SQUASH MERGE as the standard merge strategy.
Summary
This PR fixes CVE-2025-61729, a HIGH severity security vulnerability in Go's standard library affecting version 1.25.4. This is a focused security fix with minimal changes.
Type of Change
Related Issues
🔄 Changes Made
Files Modified
docker/Dockerfile.chrome-go - Updated Go version from 1.25.4 to 1.25.5 (1 line change)
Key Changes
Vulnerability Details
🧪 Testing
Testing Performed
Test Coverage
🔒 Security Considerations
📚 Documentation
🚀 Deployment Notes
✅ Checklist
Note for Reviewers:
This is a critical security fix that should be merged and deployed promptly. The change is minimal (single line) and low-risk, upgrading Go to the patched version that resolves CVE-2025-61729. This PR contains ONLY the security fix, unlike PR #1072 which inadvertently included unrelated changes.