Skip to content

fix: CVE-2025-61729 & CVE-2025-61726 - upgrade go version to >1.25.5#2746

Closed
infernus01 wants to merge 1 commit intotektoncd:release-v0.42.0from
infernus01:CVE-2025-61729-v0.42.0
Closed

fix: CVE-2025-61729 & CVE-2025-61726 - upgrade go version to >1.25.5#2746
infernus01 wants to merge 1 commit intotektoncd:release-v0.42.0from
infernus01:CVE-2025-61729-v0.42.0

Conversation

@infernus01
Copy link
Member

@infernus01 infernus01 commented Feb 25, 2026

Changes

Scope of this fix is to address CVE-2025-61729 & CVE-2025-61726 by upgrading go version above 1.25.5, and cosign/sigstore version to 2.6.2.

/kind bug

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes tests (if functionality changed/added)
  • Run the code checkers with make check
  • Regenerate the manpages, docs and go formatting with make generated
  • Commit messages follow commit message best practices

See the contribution guide
for more details.

Release Notes

@infernus01
fix: CVE-2025-61729 & CVE-2025-61726 - upgrade go version to >1.25.5
a476db7 
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
@tekton-robot tekton-robot added kind/bug Categorizes issue or PR as related to a bug. release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Feb 25, 2026
@tekton-robot
Copy link
Contributor

tekton-robot commented Feb 25, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign vdemeester after the PR has been reviewed.
You can assign the PR to them by writing /assign @vdemeester in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Feb 25, 2026
@divyansh42
Copy link
Member

divyansh42 commented Feb 26, 2026

/ok-to-test

@infernus01 infernus01 closed this Feb 26, 2026
@infernus01
Copy link
Member Author

infernus01 commented Feb 26, 2026

closed in favour of #2750

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@divyansh42 divyansh42 Awaiting requested review from divyansh42

@pratap0007 pratap0007 Awaiting requested review from pratap0007

Assignees

No one assigned

Labels

kind/bug Categorizes issue or PR as related to a bug. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@infernus01 @tekton-robot @divyansh42