Skip to content

fix: resolve cves and upgrade go to 1.25#399

Merged
freeznet merged 4 commits intomainfrom
freeznet/fix-cves-1
Apr 14, 2026
Merged

fix: resolve cves and upgrade go to 1.25#399
freeznet merged 4 commits intomainfrom
freeznet/fix-cves-1

Conversation

@freeznet
Copy link
Copy Markdown
Member

@freeznet freeznet commented Apr 13, 2026

(If this PR fixes a github issue, please add Fixes #<xyz>.)

Fixes #

(or if this PR is one task of a github issue, please add Master Issue: #<xyz> to link to the master issue.)

Master Issue: #

Motivation

Explain here the context, and why you're making that change. What is the problem you're trying to solve.

Modifications

Describe the modifications you've done.

Verifying this change

  • Make sure that the change passes the CI checks.

(Please pick either of the following options)

This change is a trivial rework / code cleanup without any test coverage.

(or)

This change is already covered by existing tests, such as (please describe tests).

(or)

This change added tests and can be verified as follows:

(example:)

  • Added integration tests for end-to-end deployment with large payloads (10MB)
  • Extended integration test for recovery after broker failure

Documentation

Check the box below.

Need to update docs?

  • doc-required

    (If you need help on updating docs, create a doc issue)

  • no-need-doc

    (Please explain why)

  • doc

    (If this PR contains doc changes)

@freeznet freeznet self-assigned this Apr 13, 2026
@freeznet freeznet requested review from a team as code owners April 13, 2026 07:42
Copilot AI review requested due to automatic review settings April 13, 2026 07:42
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 13, 2026

@freeznet:Thanks for your contribution. For this PR, do we need to update docs?
(The PR template contains info about doc, which helps others know more about the changes. Can you provide doc-related info in this and future PR descriptions? Thanks)

@github-actions github-actions Bot added the doc-info-missing This pr needs to mark a document option in description label Apr 13, 2026
Copilot AI reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR upgrades the repository’s Go toolchain and refreshes Go module dependencies to address security advisories (CVEs).

Changes:

  • Bump Go version to 1.25.9 across go.mod, go.work, CI workflows, and build Dockerfiles.
  • Update Go dependencies (and corresponding go.sum files) in both the root module and tests module.
  • Update GitHub Actions Go setup to use actions/setup-go@v5 with go-version-file: go.work.

Reviewed changes

Copilot reviewed 9 out of 11 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
go.mod Updates Go version and dependency versions to incorporate security fixes.
go.sum Refreshes dependency checksums after module upgrades.
go.work Aligns workspace Go version with the upgraded toolchain.
tests/go.mod Updates Go version and indirect dependencies for the tests module.
tests/go.sum Refreshes dependency checksums for the tests module.
Dockerfile Updates builder image to Go 1.25.9 on Alpine 3.22.
redhat.Dockerfile Updates builder image to Go 1.25.9 on Alpine 3.22.
.github/workflows/style.yml Uses setup-go@v5 and reads Go version from go.work.
.github/workflows/release-operator.yml Uses setup-go@v5 and reads Go version from go.work.
.github/workflows/golangci-lint.yml Uses setup-go@v5 and reads Go version from go.work.
.github/workflows/e2e_test.yml Uses setup-go@v5 and reads Go version from go.work.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread go.mod
@freeznet freeznet merged commit 809a876 into main Apr 14, 2026
5 checks passed
@freeznet freeznet deleted the freeznet/fix-cves-1 branch April 14, 2026 04:31
freeznet added a commit that referenced this pull request Apr 16, 2026
@freeznet
fix: resolve cves and upgrade go to 1.25 (#399)
76223c5 
* build: upgrade Go to 1.25.9 and update dependencies

* chore(release-operator): update Go version and workflow steps

* ci: upgrade golangci-lint to v2.11.4 and update config

* ci(workflows): update golangci-lint action to v7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jiangpengcheng jiangpengcheng jiangpengcheng approved these changes

Assignees

@freeznet freeznet

Labels

doc-info-missing This pr needs to mark a document option in description

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@freeznet @jiangpengcheng