Conversation

@aalbertjay
Contributor

@aalbertjay aalbertjay commented Nov 12, 2025

Go 1.24.0 contains 6 high CVEs that have been mitigated in 1.24.10. This binary is included in the k8s-datadog-agent-ops image and was flagged at the PR stage here.

commit-headless (gobinary)

Total: 6 (HIGH: 6, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │  Fixed Version  │                            Title                             │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2025-22874 │ HIGH     │ fixed  │ v1.24.0           │ 1.24.4          │ crypto/x509: Usage of ExtKeyUsageAny disables policy         │
│         │                │          │        │                   │                 │ validation in crypto/x509                                    │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-22874                   │
│         ├────────────────┤          │        │                   ├─────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-47907 │          │        │                   │ 1.23.12, 1.24.6 │ database/sql: Postgres Scan Race Condition                   │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-47907                   │
│         ├────────────────┤          │        │                   ├─────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58183 │          │        │                   │ 1.24.8, 1.25.2  │ golang: archive/tar: Unbounded allocation when parsing GNU   │
│         │                │          │        │                   │                 │ sparse map                                                   │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-58183                   │
│         ├────────────────┤          │        │                   │                 ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58186 │          │        │                   │                 │ Despite HTTP headers having a default limit of 1MB, the      │
│         │                │          │        │                   │                 │ number of...                                                 │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-58186                   │
│         ├────────────────┤          │        │                   ├─────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58187 │          │        │                   │ 1.24.9, 1.25.3  │ Due to the design of the name constraint checking algorithm, │
│         │                │          │        │                   │                 │ the proce...                                                 │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-58187                   │
│         ├────────────────┤          │        │                   ├─────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58188 │          │        │                   │ 1.24.8, 1.25.2  │ Validating certificate chains which contain DSA public keys  │
│         │                │          │        │                   │                 │ can cause ......                                             │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-58188                   │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴──────────────────────────────────────────────────────────────┘

@aalbertjay
Contributor Author

/merge

@dd-devflow-routing-codex

dd-devflow-routing-codex bot commented Nov 12, 2025

View all feedbacks in Devflow UI.

2025-11-12 21:24:20 UTC ℹ️ Start processing command /merge


2025-11-12 21:24:25 UTC ℹ️ MergeQueue: waiting for PR to be ready

This pull request is not mergeable according to GitHub. Common reasons include pending required checks, missing approvals, or merge conflicts — but it could also be blocked by other repository rules or settings.
It will be added to the queue as soon as checks pass and/or get approvals.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.


2025-11-13 01:25:10 UTC ⚠️ MergeQueue: This merge request was unqueued

devflow unqueued this merge request: It did not become mergeable within the expected time

@avidal avidal force-pushed the albert.wang/bump-go-version branch from 30165c4 to d415299 Compare November 21, 2025 14:58
@avidal avidal merged commit ec14561 into main Nov 21, 2025
3 checks passed
@avidal avidal deleted the albert.wang/bump-go-version branch November 21, 2025 14:58
github-actions bot added a commit that referenced this pull request Nov 21, 2025
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>