Skip to content

fix: CVE-2025-61729 & CVE-2025-61726 - upgrade go version to >1.25.5#2750

Merged
tekton-robot merged 1 commit intotektoncd:release-v0.42.1from
infernus01:CVE-2025-61729-v0.42.1
Mar 6, 2026
Merged

fix: CVE-2025-61729 & CVE-2025-61726 - upgrade go version to >1.25.5#2750
tekton-robot merged 1 commit intotektoncd:release-v0.42.1from
infernus01:CVE-2025-61729-v0.42.1

Conversation

@infernus01
Copy link
Member

@infernus01 infernus01 commented Feb 26, 2026
edited
Loading

Changes

Scope of this fix is to address CVE-2025-61729 & CVE-2025-61726 by upgrading go version above 1.25.5.

/kind bug
part of #2716

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes tests (if functionality changed/added)
  • Run the code checkers with make check
  • Regenerate the manpages, docs and go formatting with make generated
  • Commit messages follow commit message best practices

See the contribution guide
for more details.

Release Notes

@tekton-robot tekton-robot added kind/bug Categorizes issue or PR as related to a bug. release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Feb 26, 2026
@tekton-robot tekton-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Feb 26, 2026
@infernus01 infernus01 mentioned this pull request Feb 26, 2026
Closed
4 tasks
@infernus01 infernus01 force-pushed the CVE-2025-61729-v0.42.1 branch from 35e7ba3 to 50140fe Compare February 26, 2026 08:42
@tekton-robot tekton-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 26, 2026
aThorp96
aThorp96 reviewed Mar 4, 2026
View reviewed changes
@infernus01 infernus01 force-pushed the CVE-2025-61729-v0.42.1 branch 2 times, most recently from 4e19b10 to b7c1097 Compare March 5, 2026 07:18
@tekton-robot tekton-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Mar 5, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61729-v0.42.1 branch from b7c1097 to b514114 Compare March 5, 2026 07:19
@pratap0007
Copy link
Contributor

pratap0007 commented Mar 5, 2026

/ok-to-test

@pratap0007
Copy link
Contributor

pratap0007 commented Mar 5, 2026

/retest

@infernus01 infernus01 force-pushed the CVE-2025-61729-v0.42.1 branch from b514114 to 8d3d44c Compare March 5, 2026 08:10
@infernus01
fix: CVE-2025-61729 & CVE-2025-61726 - upgrade go version to >1.25.5
8eea2e3 
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
@infernus01 infernus01 force-pushed the CVE-2025-61729-v0.42.1 branch from 8d3d44c to 8eea2e3 Compare March 5, 2026 08:19
@tekton-robot tekton-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 5, 2026
@infernus01
Copy link
Member Author

infernus01 commented Mar 5, 2026

/retest

2 similar comments
@pratap0007
Copy link
Contributor

pratap0007 commented Mar 5, 2026

/retest

@pratap0007
Copy link
Contributor

pratap0007 commented Mar 5, 2026

/retest

@pratap0007
Copy link
Contributor

pratap0007 commented Mar 5, 2026

/lgtm
/approve

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 5, 2026
@tekton-robot
Copy link
Contributor

tekton-robot commented Mar 6, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pratap0007, vdemeester

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 6, 2026
@tekton-robot tekton-robot merged commit 26347e6 into tektoncd:release-v0.42.1 Mar 6, 2026
23 of 26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vdemeester vdemeester vdemeester approved these changes

@divyansh42 divyansh42 Awaiting requested review from divyansh42

@pratap0007 pratap0007 Awaiting requested review from pratap0007

+1 more reviewer

@aThorp96 aThorp96 aThorp96 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@pratap0007 pratap0007

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@infernus01 @pratap0007 @tekton-robot @vdemeester @aThorp96