From ddf053d3e61da08b19fd203528ddc1991d257a77 Mon Sep 17 00:00:00 2001
From: Syam Sampatsing <grammatonic@macbookpro.home>
Date: Fri, 5 Dec 2025 01:06:35 +0100
Subject: [PATCH] fix(security): upgrade Go to 1.25.5 to fix CVE-2025-61729

- Update Go version from 1.25.4 to 1.25.5 in Dockerfile.chrome-go
- Fixes HIGH severity vulnerability in stdlib HostnameError.Error()
- Prevents excessive resource consumption from malicious certificates
- Resolves quadratic runtime issue in error string construction

Fixes: CVE-2025-61729
Related: https://github.com/GrammaTonic/github-runner/security/code-scanning/5682
---
 docker/Dockerfile.chrome-go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/Dockerfile.chrome-go b/docker/Dockerfile.chrome-go
index 6c535bd..e248cbc 100644
--- a/docker/Dockerfile.chrome-go
+++ b/docker/Dockerfile.chrome-go
@@ -151,7 +151,7 @@ RUN --mount=type=cache,target=/tmp/npm-cache,uid=0,gid=0 \
 # Use BuildKit cache for Go download
 # Go supports both amd64 and arm64 architectures
 RUN --mount=type=cache,target=/tmp/downloads \
-    GO_VERSION="1.25.4" \
+    GO_VERSION="1.25.5" \
     && case ${TARGETARCH} in \
         "amd64")  GO_ARCH="amd64"  ;; \
         "arm64")  GO_ARCH="arm64"  ;; \