Update Go version to 1.25.5 to address CVE-2025-61729 (cloudfoundry#3682)

navinms711 · prkalle · commit a4ecccc97d98 · 2026-01-23T09:47:00.000-08:00
CVE-2025-61729 (GO-2025-4155) is a high-severity vulnerability affecting Go versions < 1.24.11 and 1.25.0-1.25.4. The vulnerability causes excessive resource consumption in printing error strings for host certificate validation. This commit updates the Go version from 1.25.4 to 1.25.5, which includes the fix for this CVE. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-61729
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module code.cloudfoundry.org/cli
 
-go 1.25.0
+go 1.25.5
 
 require (
 	code.cloudfoundry.org/bytefmt v0.54.0
