Bump Go to 1.25.10 to address several CVEs #129

Merged: gh-worker-dd-mergequeue-cf854d[bot] merged 2 commits into main from francesco.infante/bump-go-1.25.10 on Jun 3, 2026

@francescoinfante

From Grype:

NAME                     INSTALLED       FIXED IN                 TYPE       VULNERABILITY        SEVERITY  EPSS           RISK
stdlib                   go1.25.9        *1.25.10, 1.26.3         go-module  CVE-2026-39820       High      < 0.1% (17th)  < 0.1
stdlib                   go1.25.9        *1.25.10, 1.26.3         go-module  CVE-2026-42499       High      < 0.1% (6th)   < 0.1
stdlib                   go1.25.9        *1.25.10, 1.26.3         go-module  CVE-2026-39836       High      < 0.1% (5th)   < 0.1
stdlib                   go1.25.9        *1.25.10, 1.26.3         go-module  CVE-2026-33814       High      < 0.1% (5th)   < 0.1
stdlib                   go1.25.9        *1.25.10, 1.26.3         go-module  CVE-2026-33811       High      < 0.1% (4th)   < 0.1
stdlib                   go1.25.9        *1.25.10, 1.26.3         go-module  CVE-2026-42501       High      < 0.1% (0th)   < 0.1

Copilot AI review requested due to automatic review settings June 3, 2026 12:14
francescoinfante requested review from a team and AlexandreYang as code owners June 3, 2026 12:14

Copilot AI left a comment

Pull request overview

This PR updates the repository’s Go version pin to address reported stdlib CVEs by moving to a patched Go release.

Changes:

  • Bump the pinned Go version in .go-version from 1.25.9 to 1.25.10.

Comment thread .go-version
francescoinfante changed the title from "Bump Go toolchain to 1.25.10 to address several CVEs" to "Bump Go to 1.25.10 to address several CVEs" Jun 3, 2026
@francescoinfante

/remove

gh-worker-devflow-routing-ef8351 Bot commented Jun 3, 2026

View all feedbacks in Devflow UI.

2026-06-03 13:35:45 UTC ℹ️ Start processing command /remove


2026-06-03 13:35:51 UTC ℹ️ Devflow: /remove
