You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
chore(ci): DSPX- 2960 - bump Go toolchain to 1.25.9 to fix govulncheck reported vulnerabilities (#3390)
## Summary
Bumps the Go toolchain from `go1.25.8` to `go1.25.9` to resolve 4
standard library vulnerabilities flagged by `govulncheck`:
| CVE | Package | Description |
|-----|---------|-------------|
| GO-2026-4947 | `crypto/x509` | Unexpected work during chain building |
| GO-2026-4946 | `crypto/x509` | Inefficient policy validation |
| GO-2026-4870 | `crypto/tls` | Unauthenticated TLS 1.3 KeyUpdate causes
DoS |
| GO-2026-4865 | `html/template` | XSS via JsBraceDepth context tracking
|
No code changes required — this is a patch release with no breaking
changes.
Vulns were initially reported in opentdf/otdfctl and PR submitted as
opentdf/otdfctl#796
## Test plan
- [x] target vulnerabilities are solved, `govulncheck` step passes in CI
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated Go toolchain to version 1.25.9 across all project modules and
CI/CD infrastructure.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
0 commit comments