OADP-7565,OADP-7570,OADP-7573: Go 1.25.8 + x/* dependency bumps#328
OADP-7565,OADP-7570,OADP-7573: Go 1.25.8 + x/* dependency bumps#328kaovilai wants to merge 1 commit intomigtools:oadp-1.5from
Conversation
Update Go toolchain to 1.25.8 to address: - GO-2026-4337, GO-2026-4340: crypto/tls - GO-2026-4341: net/url - GO-2026-4342: archive/zip - CVE-2026-25679: net/url IPv6 host parsing - CVE-2026-27137: crypto/x509 email constraints Bump golang.org/x/* dependencies: - x/net v0.52.0 (fixes GHSA-vvgc-356p-c3xw, XSS in HTML tokenizer) - x/sync v0.20.0, x/sys v0.42.0, x/text v0.35.0, x/term v0.41.0 Update Dockerfile to golang:1.25.8 and konflux.Dockerfile to rhel_9_golang_1.25. Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
|
@kaovilai: This pull request references OADP-7565 which is a valid jira issue. This pull request references OADP-7570 which is a valid jira issue. This pull request references OADP-7573 which is a valid jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
📝 Coding Plan
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
There was a problem hiding this comment.
Pull request overview
Updates the project’s Go toolchain and container build images to a newer Go release, along with bumping golang.org/x/* module dependencies to pick up security fixes and stay current with supported versions.
Changes:
- Update
go.modto Go 1.25.x (includingtoolchain) and bumpgolang.org/x/*module versions. - Refresh
go.sumchecksums for the updated module versions. - Update container build images in
Dockerfileandkonflux.Dockerfileto Go 1.25-based builders.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
go.mod |
Moves module go/toolchain to 1.25.x and bumps golang.org/x/* requirements. |
go.sum |
Updates sums to match the new golang.org/x/* module versions. |
Dockerfile |
Switches builder image to golang:1.25.8. |
konflux.Dockerfile |
Switches Konflux builder image to rhel_9_golang_1.25. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| golang.org/x/text v0.35.0 // indirect | ||
| golang.org/x/time v0.9.0 // indirect | ||
| golang.org/x/tools v0.33.0 // indirect | ||
| golang.org/x/tools v0.42.0 // indirect |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kaovilai, mpryc The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Summary
golang.org/x/*dependencies to latest (x/net v0.52.0, x/sync v0.20.0, x/sys v0.42.0, x/text v0.35.0, x/term v0.41.0)golang:1.25.8and konflux.Dockerfile torhel_9_golang_1.25CVEs Addressed
Go Toolchain (1.25.8)
golang.org/x/* Dependencies
Jira
Test plan
go build ./...passes locallyNote
Responses generated with Claude