Upgrade Go to 1.24.11 to fix GO-2025-4155 vulnerability (#815)

tadasant · claude · web-flow · commit 5cc553d1ca25 · 2025-12-04T12:23:14.000+02:00
Prepared by Claude Code, reviewd by me. ## Summary - Upgrade Go from 1.24.9 to 1.24.11 in the main `go.mod` to fix govulncheck CI failure - Upgrade Go from 1.24.7 to 1.24.11 in `deploy/go.mod` for the same vulnerability fix ## Details This PR addresses the failing `govulncheck` check in CI caused by vulnerability **GO-2025-4155**: - **Vulnerability**: Excessive resource consumption when printing error string for host certificate validation in `crypto/x509` - **Found in**: `crypto/x509@go1.24.9` (and earlier versions like go1.24.7) - **Fixed in**: `crypto/x509@go1.24.11` - **More info**: https://pkg.go.dev/vuln/GO-2025-4155 Both Go module files in the repository are updated to 1.24.11 to ensure consistent vulnerability remediation. ## Test plan - [x] CI passes govulncheck after the Go version upgrade 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude <noreply@anthropic.com>
diff --git a/deploy/go.mod b/deploy/go.mod
@@ -1,6 +1,6 @@
 module github.com/modelcontextprotocol/registry/deploy/infra
 
-go 1.24.7
+go 1.24.11
 
 require (
 	github.com/pulumi/pulumi-gcp/sdk/v8 v8.41.1
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/modelcontextprotocol/registry
 
-go 1.24.9
+go 1.24.11
 
 require (
 	cloud.google.com/go/kms v1.23.2
