Skip to content

Update Go to 1.25.6 to address CVE-2025-61726, CVE-2025-61728, CVE-2025-61730 #266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jwilder merged 2 commits into from
Feb 3, 2026
Merged

Update Go to 1.25.6 to address CVE-2025-61726, CVE-2025-61728, CVE-2025-61730 #266

jwilder merged 2 commits into from
Feb 3, 2026

Conversation

Copy link
Contributor

Copilot AI commented Feb 3, 2026
edited
Loading

Go 1.25.5 contains three CVEs (two HIGH, one MEDIUM severity) fixed in 1.25.6.

Changes

  • Dockerfile: Update base image to golang:1.25.6
  • go.mod: Bump Go version requirement to 1.25.6

GitHub workflows already reference go-version-file: 'go.mod' and will automatically use the updated version.

Original prompt

This section details on the original issue you should resolve

<issue_title>Vulnerability in Golang v1.25.5</issue_title>
<issue_description>Hello,
there are new vulnerabilities in Go 1.25.5.
Here is a Trivy scan extract:

Package Name Installed Version Fixed Version Vulnerability ID Severity
stdlib v1.25.5 1.24.12, 1.25.6 CVE-2025-61726 HIGH
stdlib v1.25.5 1.24.12, 1.25.6 CVE-2025-61728 HIGH
stdlib v1.25.5 1.24.12, 1.25.6 CVE-2025-61730 MEDIUM

Would it be possible to release a new version based on Go >= 1.25.6 @jwilder ?
Thanks in advance.
</issue_description>

<agent_instructions>Update go to 1.25.6 in Dockerfiles and build tooling. </agent_instructions>

Comments on the Issue (you are @copilot in this section)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@jwilder
Update Go version from 1.25.5 to 1.25.6
f56be66 
Co-authored-by: jwilder <219935+jwilder@users.noreply.github.com>
Copilot AI changed the title [WIP] Update Go version to 1.25.6 to resolve vulnerabilities Update Go to 1.25.6 to address CVE-2025-61726, CVE-2025-61728, CVE-2025-61730 Feb 3, 2026
Copilot AI requested a review from jwilder February 3, 2026 20:07
@jwilder jwilder marked this pull request as ready for review February 3, 2026 20:15
@jwilder jwilder merged commit 4d8857b into master Feb 3, 2026
1 check passed
@jwilder jwilder deleted the copilot/update-go-to-1-25-6 branch February 3, 2026 20:38
@BrewTestBot BrewTestBot mentioned this pull request Feb 4, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jwilder jwilder jwilder approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jwilder jwilder

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Vulnerability in Golang v1.25.5

2 participants

@jwilder