Skip to content

chore: bump up Go to version 1.24.6#2700

Merged
simar7 merged 1 commit intoaquasecurity:mainfrom
afdesk:chore/bump-up-go-1.24.6
Aug 8, 2025
Merged

chore: bump up Go to version 1.24.6#2700
simar7 merged 1 commit intoaquasecurity:mainfrom
afdesk:chore/bump-up-go-1.24.6

Conversation

@afdesk
Copy link
Copy Markdown
Contributor

@afdesk afdesk commented Aug 8, 2025

Description

This PR bumps up Go version to 1.24.6 to fix CVE-2025-47907.

Before:

 trivy i docker.io/aquasecurity/trivy-operator:dev -q --cache-backend memory

Report Summary

┌───────────────────────────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                          Target                           │   Type   │ Vulnerabilities │ Secrets │
├───────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ docker.io/aquasecurity/trivy-operator:dev (alpine 3.22.1) │  alpine  │        0        │    -    │
├───────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ usr/local/bin/trivy-operator                              │ gobinary │        1        │    -    │
└───────────────────────────────────────────────────────────┴──────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


usr/local/bin/trivy-operator (gobinary)

Total: 1 (UNKNOWN: 1, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │  Fixed Version  │                            Title                             │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2025-47907 │ UNKNOWN  │ fixed  │ v1.24.4           │ 1.23.12, 1.24.6 │ Cancelling a query (e.g. by cancelling the context passed to │
│         │                │          │        │                   │                 │ one of...                                                    │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-47907                   │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴──────────────────────────────────────────────────────────────┘

After:

$ trivy i docker.io/aquasecurity/trivy-operator:dev -q

Report Summary

┌───────────────────────────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                          Target                           │   Type   │ Vulnerabilities │ Secrets │
├───────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ docker.io/aquasecurity/trivy-operator:dev (alpine 3.22.1) │  alpine  │        0        │    -    │
├───────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ usr/local/bin/trivy-operator                              │ gobinary │        0        │    -    │
└───────────────────────────────────────────────────────────┴──────────┴─────────────────┴─────────┘

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@github-actions github-actions bot added the misc label Aug 8, 2025
@afdesk afdesk marked this pull request as ready for review August 8, 2025 05:39
@afdesk afdesk requested a review from simar7 as a code owner August 8, 2025 05:39
@simar7 simar7 merged commit d7ef9a7 into aquasecurity:main Aug 8, 2025
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@simar7 simar7 simar7 approved these changes

Assignees

No one assigned

Labels

misc

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@afdesk @simar7