Skip to content

Commit 3262382

Browse files
committed
fix(security): upgrade Go toolchain to 1.25.3 for CVE-2025-58187
Update Go toolchain to address HIGH severity vulnerability CVE-2025-58187 in the Go standard library. Changes: - flake.nix: Update from go_1_24 to go_1_25 (provides 1.25.3+) - go.mod: Update toolchain directive from go1.24.0 to go1.25.3 - Maintain go 1.23.0 language compatibility The vulnerability affects stdlib versions prior to 1.24.9 and 1.25.3. This update ensures the project uses the patched toolchain version. CVE Details: - Package: stdlib - Severity: HIGH - Fixed Versions: 1.24.9, 1.25.3 - Link: CVE-2025-58187
1 parent d8fd0a7 commit 3262382

2 files changed

Lines changed: 4 additions & 4 deletions

File tree

flake.nix

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -205,8 +205,8 @@
205205
packages =
206206
with pkgs;
207207
[
208-
# Go toolchain
209-
go_1_24
208+
# Go toolchain (using 1.25.3+ for CVE-2025-58187 fix)
209+
go_1_25
210210
gopls
211211
gotools
212212
go-tools

go.mod

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
module github.com/thpham/gitlab-runner-kubevirt
22

3-
go 1.23.0
3+
go 1.23.0 // Uses Go 1.23 language features
44

5-
toolchain go1.24.0
5+
toolchain go1.25.3 // Builds with Go 1.25.3 compiler (has CVE fix)
66

77
require (
88
barney.ci/shutil v0.1.0

0 commit comments

Comments
 (0)