
fix: CVE-2025-61726 - upgrade go version to >1.25.5 #2745

Merged
tekton-robot merged 3 commits into tektoncd:release-v0.37.3 from infernus01:CVE-2025-61726-v0.37.3
Mar 11, 2026

Conversation

@infernus01
Member

@infernus01 infernus01 commented Feb 25, 2026

Changes

The scope of this fix is to address CVE-2025-61726 by upgrading the Go version above 1.25.5.

/kind bug
fixes #2716

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes tests (if functionality changed/added)
  • Run the code checkers with make check
  • Regenerate the manpages, docs and go formatting with make generated
  • Commit messages follow commit message best practices

See the contribution guide
for more details.

Release Notes

@tekton-robot tekton-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/bug Categorizes issue or PR as related to a bug. labels Feb 25, 2026
@tekton-robot tekton-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Feb 25, 2026
@chmouel
Member

chmouel commented Feb 25, 2026

there is no make vendor or something to be done here as well?

@infernus01
Member Author

I did that - go mod tidy, then go mod vendor, but got nothing from them.

@chmouel
Member

chmouel commented Feb 25, 2026

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Feb 25, 2026
@chmouel
Member

chmouel commented Feb 25, 2026

/ok-to-test

@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 4de15ec to 764ee41 Compare February 26, 2026 07:03
@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Feb 26, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 764ee41 to 76f8604 Compare February 26, 2026 07:05
@tekton-robot tekton-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Feb 26, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 76f8604 to 9e24aca Compare February 26, 2026 07:08
@tekton-robot tekton-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 26, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch 8 times, most recently from 72ccd68 to 27b4793 Compare February 26, 2026 07:54
@tekton-robot tekton-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 26, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 27b4793 to 072c676 Compare February 26, 2026 08:01
@tekton-robot tekton-robot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Mar 3, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from f715f50 to 222de96 Compare March 3, 2026 05:59
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 222de96 to b8c519e Compare March 5, 2026 07:56
@pratap0007
Contributor

/retest

@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from b8c519e to 9535209 Compare March 5, 2026 08:31
@pratap0007
Contributor

retest

@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch 2 times, most recently from a5a00e2 to 89ecd4f Compare March 6, 2026 08:38
@chmouel
Member

chmouel commented Mar 6, 2026

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 6, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 89ecd4f to 62ad0db Compare March 6, 2026 11:28
@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Mar 6, 2026
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch 2 times, most recently from b2d104e to 89ecd4f Compare March 6, 2026 12:23
@chmouel
Member

chmouel commented Mar 6, 2026

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 6, 2026
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
Co-authored-by: Andrew Thorp <andrew.thorp.dev@gmail.com>
@infernus01 infernus01 force-pushed the CVE-2025-61726-v0.37.3 branch from 89ecd4f to 8975471 Compare March 6, 2026 14:15
@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Mar 6, 2026
@infernus01 infernus01 closed this Mar 7, 2026
@infernus01 infernus01 reopened this Mar 7, 2026
@pratap0007
Contributor

/retest

@vdemeester
Member

/approve
/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 11, 2026
@tekton-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pratap0007, vdemeester

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 11, 2026
@tekton-robot tekton-robot merged commit b53b897 into tektoncd:release-v0.37.3 Mar 11, 2026
29 of 33 checks passed
Labels

  • approved: Indicates a PR has been approved by an approver from all required OWNERS files.
  • kind/bug: Categorizes issue or PR as related to a bug.
  • lgtm: Indicates that a PR is ready to be merged.
  • release-note: Denotes a PR that will be considered when it comes time to generate release notes.
  • size/XL: Denotes a PR that changes 500-999 lines, ignoring generated files.

6 participants