Skip to content

chore: 1.25.5 CVE fix #2740

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
miparnisari merged 1 commit into from
Dec 3, 2025
Merged

chore: 1.25.5 CVE fix #2740

miparnisari merged 1 commit into from
Dec 3, 2025

Conversation

@tstirrat15
Copy link
Contributor

@tstirrat15 tstirrat15 commented Dec 2, 2025

Description

Another day, another go stdlib CVE blocking our pipeline: https://github.com/authzed/spicedb/actions/runs/19871886409/job/56949506143?pr=2729

Changes

  • Bump golang version in all of the places

Testing

Review.

@tstirrat15 tstirrat15 requested a review from a team as a code owner December 2, 2025 20:22
@github-actions github-actions bot added area/dependencies Affects dependencies area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools) labels Dec 2, 2025
@codecov
Copy link

codecov bot commented Dec 2, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.01%. Comparing base (dad989c) to head (4883b55).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2740      +/-   ##
==========================================
- Coverage   77.07%   77.01%   -0.05%     
==========================================
  Files         466      466              
  Lines       49199    49199              
==========================================
- Hits        37914    37888      -26     
- Misses       8502     8519      +17     
- Partials     2783     2792       +9

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

tstirrat15
tstirrat15 commented Dec 2, 2025
View reviewed changes
e2e/go.mod
github.com/jzelinskie/stringz v0.0.3 // indirect
github.com/mattn/go-colorable v0.1.14 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/odigos-io/go-rtml v0.0.1 // indirect
Copy link
Contributor Author

@tstirrat15 tstirrat15 Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was something where we hadn't run go mod tidy after merging #2734

Copy link
Contributor

@miparnisari miparnisari Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i thought we had a linter for this :[

Copy link
Contributor Author

@tstirrat15 tstirrat15 Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It may not run in this dir.

@tstirrat15 tstirrat15 added this pull request to the merge queue Dec 2, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 2, 2025
@miparnisari miparnisari added this pull request to the merge queue Dec 3, 2025
Merged via the queue into main with commit 5cc0e5e Dec 3, 2025
45 checks passed
@miparnisari miparnisari deleted the 1.25.5-cve-fix branch December 3, 2025 16:43
@github-actions github-actions bot locked and limited conversation to collaborators Dec 3, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@miparnisari miparnisari miparnisari approved these changes

Assignees

No one assigned

Labels

area/dependencies Affects dependencies area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tstirrat15 @miparnisari