Commit 3262382
committed
fix(security): upgrade Go toolchain to 1.25.3 for CVE-2025-58187
Update Go toolchain to address HIGH severity vulnerability CVE-2025-58187
in the Go standard library.
Changes:
- flake.nix: Update from go_1_24 to go_1_25 (provides 1.25.3+)
- go.mod: Update toolchain directive from go1.24.0 to go1.25.3
- Maintain go 1.23.0 language compatibility
The vulnerability affects stdlib versions prior to 1.24.9 and 1.25.3.
This update ensures the project uses the patched toolchain version.
CVE Details:
- Package: stdlib
- Severity: HIGH
- Fixed Versions: 1.24.9, 1.25.3
- Link: CVE-2025-581871 parent d8fd0a7 commit 3262382
2 files changed
Lines changed: 4 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
205 | 205 | | |
206 | 206 | | |
207 | 207 | | |
208 | | - | |
209 | | - | |
| 208 | + | |
| 209 | + | |
210 | 210 | | |
211 | 211 | | |
212 | 212 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
4 | 4 | | |
5 | | - | |
| 5 | + | |
6 | 6 | | |
7 | 7 | | |
8 | 8 | | |
| |||
0 commit comments