Skip to content

Upgrade Go to 1.24.11 to fix GO-2025-4155 vulnerability #815

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rdimitrov merged 2 commits into from
Dec 4, 2025
Merged

Upgrade Go to 1.24.11 to fix GO-2025-4155 vulnerability #815

rdimitrov merged 2 commits into from
Dec 4, 2025

Conversation

@tadasant
Copy link
Member

@tadasant tadasant commented Dec 3, 2025
edited
Loading

Prepared by Claude Code, reviewd by me.

Summary

  • Upgrade Go from 1.24.9 to 1.24.11 in the main go.mod to fix govulncheck CI failure
  • Upgrade Go from 1.24.7 to 1.24.11 in deploy/go.mod for the same vulnerability fix

Details

This PR addresses the failing govulncheck check in CI caused by vulnerability GO-2025-4155:

Both Go module files in the repository are updated to 1.24.11 to ensure consistent vulnerability remediation.

Test plan

  • CI passes govulncheck after the Go version upgrade

🤖 Generated with Claude Code

@tadasant @claude
Upgrade Go to 1.24.11 to fix GO-2025-4155
d2df6f8 
Fix govulncheck CI failure caused by vulnerability GO-2025-4155 in
crypto/[email protected]. This vulnerability causes excessive resource
consumption when printing error strings for host certificate validation.

The fix is to upgrade Go from 1.24.9 to 1.24.11 where the issue is
resolved in the standard library.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@tadasant tadasant marked this pull request as ready for review December 3, 2025 16:48
@tadasant tadasant requested a review from a team December 3, 2025 16:50
@tadasant @claude
Also upgrade Go in deploy/go.mod to 1.24.11
1c24f6c 
The deploy module was on Go 1.24.7 which is also affected by the
GO-2025-4155 vulnerability. Updated to 1.24.11 for consistency
with the main module.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@rdimitrov rdimitrov merged commit 5cc553d into main Dec 4, 2025
5 checks passed
@rdimitrov rdimitrov deleted the fix/go-1.24.11-vuln branch December 4, 2025 10:23
@BrewTestBot BrewTestBot mentioned this pull request Dec 16, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rdimitrov rdimitrov rdimitrov approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tadasant @rdimitrov