Skip to content

fix: CVE-2025-61726 - upgrade go version to >1.25.5#2745

Open
infernus01 wants to merge 3 commits intotektoncd:release-v0.37.3from
infernus01:CVE-2025-61726-v0.37.3
Open

fix: CVE-2025-61726 - upgrade go version to >1.25.5#2745
infernus01 wants to merge 3 commits intotektoncd:release-v0.37.3from
infernus01:CVE-2025-61726-v0.37.3

Conversation

@infernus01
Copy link
Member

@infernus01 infernus01 commented Feb 25, 2026
edited
Loading

Changes

Scope of this fix is to address CVE-2025-61726 by upgrading go version above 1.25.5

/kind bug
fixes #2716

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes tests (if functionality changed/added)
  • Run the code checkers with make check
  • Regenerate the manpages, docs and go formatting with make generated
  • Commit messages follow commit message best practices

See the contribution guide
for more details.

Release Notes

@tekton-robot tekton-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/bug Categorizes issue or PR as related to a bug. labels Feb 25, 2026
@tekton-robot tekton-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Feb 25, 2026
@chmouel
Copy link
Member

chmouel commented Feb 25, 2026

there is no make vendor or something to be done here as well?

@infernus01
Copy link
Member Author

infernus01 commented Feb 25, 2026

I did that - go mod tidy , then go mod vendor, but got nothing from them.

@chmouel
Copy link
Member

chmouel commented Feb 25, 2026

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Feb 25, 2026
@chmouel
Copy link
Member

chmouel commented Feb 25, 2026

/ok-to-test

@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 4de15ec to 764ee41 Compare February 26, 2026 07:03
@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Feb 26, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 764ee41 to 76f8604 Compare February 26, 2026 07:05
@tekton-robot tekton-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Feb 26, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 76f8604 to 9e24aca Compare February 26, 2026 07:08
@tekton-robot tekton-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 26, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch 8 times, most recently from 72ccd68 to 27b4793 Compare February 26, 2026 07:54
@tekton-robot tekton-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 26, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 27b4793 to 072c676 Compare February 26, 2026 08:01
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 98608c1 to eb1eda2 Compare March 3, 2026 05:31
@tekton-robot tekton-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 3, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch 2 times, most recently from 5c5a9c2 to f715f50 Compare March 3, 2026 05:53
@tekton-robot tekton-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 3, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from f715f50 to 222de96 Compare March 3, 2026 05:59
@infernus01
fix: CVE-2025-61726 - upgrade go version to >1.25.5
1dab28d 
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 222de96 to b8c519e Compare March 5, 2026 07:56
@pratap0007
Copy link
Contributor

pratap0007 commented Mar 5, 2026

/retest

@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from b8c519e to 9535209 Compare March 5, 2026 08:31
@pratap0007
Copy link
Contributor

pratap0007 commented Mar 5, 2026

retest

@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch 2 times, most recently from a5a00e2 to 89ecd4f Compare March 6, 2026 08:38
@chmouel
Copy link
Member

chmouel commented Mar 6, 2026

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 6, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 89ecd4f to 62ad0db Compare March 6, 2026 11:28
@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Mar 6, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch 2 times, most recently from b2d104e to 89ecd4f Compare March 6, 2026 12:23
@chmouel
Copy link
Member

chmouel commented Mar 6, 2026

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 6, 2026
@infernus01 @aThorp96
fix: CI and e2e test failures
8975471 
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
Co-authored-by: Andrew Thorp <andrew.thorp.dev@gmail.com>
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 89ecd4f to 8975471 Compare March 6, 2026 14:15
@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Mar 6, 2026
@tekton-robot
Copy link
Contributor

tekton-robot commented Mar 6, 2026

New changes are detected. LGTM label has been removed.

@infernus01 infernus01 closed this Mar 7, 2026
@infernus01 infernus01 reopened this Mar 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chmouel chmouel Awaiting requested review from chmouel

@vdemeester vdemeester Awaiting requested review from vdemeester

At least 1 approving review is required to merge this pull request.

Assignees

@chmouel chmouel

@pratap0007 pratap0007

Labels

kind/bug Categorizes issue or PR as related to a bug. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@infernus01 @chmouel @pratap0007 @tekton-robot @aThorp96