Update Go version to 1.25.5 to address CVE-2025-61729 (#3682)

navinms711 · web-flow · commit b180ff0f6153 · 2026-01-14T14:48:06.000-08:00
CVE-2025-61729 (GO-2025-4155) is a high-severity vulnerability affecting Go versions < 1.24.11 and 1.25.0-1.25.4. The vulnerability causes excessive resource consumption in printing error strings for host certificate validation. This commit updates the Go version from 1.25.4 to 1.25.5, which includes the fix for this CVE. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-61729
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module code.cloudfoundry.org/cli/v9
 
-go 1.25.4
+go 1.25.5
 
 require (
 	code.cloudfoundry.org/bytefmt v0.60.0
