Skip to content

Update golang + golangci-lint to resolve CVEs #712

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
CodesbyUnnati wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Update golang + golangci-lint to resolve CVEs #712

CodesbyUnnati wants to merge 1 commit into from

Conversation

@CodesbyUnnati
Copy link
Contributor

@CodesbyUnnati CodesbyUnnati commented Jan 17, 2026
edited
Loading

This PR resolves the below CVEs:


┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │  Fixed Version  │                            Title                            │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼─────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2025-61729 │ HIGH     │ fixed  │ v1.25.4           │ 1.24.11, 1.25.5 │ crypto/x509: golang: Denial of Service due to excessive     │
│         │                │          │        │                   │                 │ resource consumption via crafted...                         │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-61729                  │
│         ├────────────────┼──────────┤        │                   │                 ├─────────────────────────────────────────────────────────────┤
│         │ CVE-2025-61727 │ MEDIUM   │        │                   │                 │ golang: crypto/x509: excluded subdomain constraint does not │
│         │                │          │        │                   │                 │ restrict wildcard SANs                                      │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-61727                  │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴─────────────────────────────────────────────────────────────┘

Need to bump the following once their new versions are released, Along with golang 1.25.6-
ytt: v0.52.0
kapp: v0.64.2
kbld: v0.46.0
imgpkg: v0.46.1
kctrl: v0.57.0
vendir: v0.44.0

@CodesbyUnnati
Update golang + golangci-lint
9839038 
Signed-off-by: Unnati Mishra <unnati.mishra@broadcom.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

Carvel
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CodesbyUnnati