You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix: update Go toolchain to 1.24.6 to resolve GO-2025-3849 vulnerability (#2311)
Updates the Go toolchain version from `go1.24.4` to `go1.24.6` to
address the security vulnerability GO-2025-3849 in the standard
library's `database/sql` package.
## Vulnerability Details
- **ID**: GO-2025-3849
- **Package**: `database/sql` (standard library)
- **Issue**: Incorrect results returned from `Rows.Scan`
- **Affected version**: go1.24.4 and earlier
- **Fixed in**: go1.24.6
## Impact
The vulnerability affects the PostgreSQL indexer functionality in
celestia-core, specifically:
- `./state/indexer/sink/psql/psql.go`
- `./state/indexer/sink/psql/psql_test.go`
## Changes
- Updated `toolchain go1.24.4` to `toolchain go1.24.6` in `go.mod`
This is a minimal, surgical change that resolves the security
vulnerability while maintaining full backward compatibility. All tests
pass and the build system works correctly with the updated toolchain.
Fixes#2310.
> [!WARNING]
>
> <details>
> <summary>Firewall rules blocked me from connecting to one or more
addresses</summary>
>
> #### I tried to connect to the following addresses, but was blocked by
firewall rules:
>
> - `vuln.go.dev`
> - Triggering command: `/home/REDACTED/go/bin/govulncheck ./...` (dns
block)
>
> If you need me to access, download, or install something from one of
these locations, you can either:
>
> - Configure [Actions setup
steps](https://gh.io/copilot/actions-setup-steps) to set up my
environment, which run before the firewall is enabled
> - Add the appropriate URLs or hosts to the custom allowlist in this
repository's [Copilot coding agent
settings](https://github.com/celestiaorg/celestia-core/settings/copilot/coding_agent)
(admins only)
>
> </details>
<!-- START COPILOT CODING AGENT TIPS -->
---
💬 Share your feedback on Copilot coding agent for the chance to win a
$200 gift card! Click
[here](https://survey.alchemer.com/s3/8343779/Copilot-Coding-agent) to
start the survey.
---------
Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: rach-id <[email protected]>
0 commit comments