Update Go to v1.24.10 for release-1.34

[hakman]

node-problem-detector (gobinary)

Total: 10 (LOW: 0, MEDIUM: 6, HIGH: 4, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                            Title                             │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2025-58183 │ HIGH     │ fixed  │ v1.24.7           │ 1.24.8, 1.25.2 │ golang: archive/tar: Unbounded allocation when parsing GNU   │
│         │                │          │        │                   │                │ sparse map                                                   │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58183                   │
│         ├────────────────┤          │        │                   │                ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58186 │          │        │                   │                │ Despite HTTP headers having a default limit of 1MB, the      │
│         │                │          │        │                   │                │ number of...                                                 │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58186                   │
│         ├────────────────┤          │        │                   ├────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58187 │          │        │                   │ 1.24.9, 1.25.3 │ Due to the design of the name constraint checking algorithm, │
│         │                │          │        │                   │                │ the proce...                                                 │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58187                   │
│         ├────────────────┤          │        │                   ├────────────────┼──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58188 │          │        │                   │ 1.24.8, 1.25.2 │ Validating certificate chains which contain DSA public keys  │
│         │                │          │        │                   │                │ can cause ......                                             │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58188                   │
│         ├────────────────┼──────────┤        │                   │                ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-47912 │ MEDIUM   │        │                   │                │ net/url: Insufficient validation of bracketed IPv6 hostnames │
│         │                │          │        │                   │                │ in net/url                                                   │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-47912                   │
│         ├────────────────┤          │        │                   │                ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58185 │          │        │                   │                │ encoding/asn1: Parsing DER payload can cause memory          │
│         │                │          │        │                   │                │ exhaustion in encoding/asn1                                  │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58185                   │
│         ├────────────────┤          │        │                   │                ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-58189 │          │        │                   │                │ crypto/tls: go crypto/tls ALPN negotiation error contains    │
│         │                │          │        │                   │                │ attacker controlled information                              │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-58189                   │
│         ├────────────────┤          │        │                   │                ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-61723 │          │        │                   │                │ encoding/pem: Quadratic complexity when parsing some invalid │
│         │                │          │        │                   │                │ inputs in encoding/pem                                       │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-61723                   │
│         ├────────────────┤          │        │                   │                ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-61724 │          │        │                   │                │ net/textproto: Excessive CPU consumption in                  │
│         │                │          │        │                   │                │ Reader.ReadResponse in net/textproto                         │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-61724                   │
│         ├────────────────┤          │        │                   │                ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-61725 │          │        │                   │                │ net/mail: Excessive CPU consumption in ParseAddress in       │
│         │                │          │        │                   │                │ net/mail                                                     │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2025-61725                   │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴──────────────────────────────────────────────────────────────┘

/cc @SergeyKanzhelev @wangzhen127

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hakman

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [hakman]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[hakman]

/retest

[SergeyKanzhelev]

change lgtm

what is the motivation? Some CVE?

[SergeyKanzhelev]

Test fails with cgroupv1 error:

Nov 12 12:19:21.490717 e2e-6bd06b654e-80e1a-minion-group-gp99 kubelet[4756]: E1112 12:19:21.474821    4756 run.go:72] "command failed" err="failed to validate kubelet configuration, error: kubelet is configured to not run on a host using cgroup v1. cgroup v1 support is unsupported and will be removed in a future release, path: &TypeMeta{Kind:,APIVersion:,}"

This is strange as I have added this flag: https://github.com/kubernetes/test-infra/blob/f89f8b76ce46e8f1e9c70cba16e4d2cbdd347e98/config/jobs/kubernetes/node-problem-detector/node-problem-detector-presubmits.yaml#L319

[SergeyKanzhelev]

maybe it was the wrong way to set the flag. I will try to find time to investigate later

[hakman]

@SergeyKanzhelev let's merge an iterate on the flag separately.
/override pull-npd-e2e-kubernetes-gce-ubuntu
/override pull-npd-e2e-kubernetes-gce-ubuntu-custom-flags

[hakman]

what is the motivation? Some CVE?

Yes... someone pinged me and asked for a bump.

[hakman]

Looks like we may heed something like kubernetes/test-infra#35907 merged first.

[hakman]

/retest

[k8s-ci-robot]

@hakman: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-npd-e2e-kubernetes-gce-ubuntu	fd24ded	link	true	/test pull-npd-e2e-kubernetes-gce-ubuntu
pull-npd-e2e-kubernetes-gce-ubuntu-custom-flags	fd24ded	link	true	/test pull-npd-e2e-kubernetes-gce-ubuntu-custom-flags

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.