Skip to content

fix: add toolchain go1.25.12 for govulncheck GO-2026-5856#81

Merged
BCook98 merged 1 commit into
mainfrom
fix/govulncheck-go12512
Jul 10, 2026
Merged

fix: add toolchain go1.25.12 for govulncheck GO-2026-5856#81
BCook98 merged 1 commit into
mainfrom
fix/govulncheck-go12512

Conversation

@BCook98

@BCook98 BCook98 commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

The July 9 vuln DB update flags GO-2026-5856 (crypto/tls, fixed in Go 1.25.12) in our Go 1.25.11 toolchain — this turned govulncheck red on dependabot PR #80 after its rebase, and the daily scheduled scan on main will fail the same way.

Adds toolchain go1.25.12 to go.mod. All CI jobs use go-version-file, so they pick up the patched toolchain; the go 1.25.11 directive is unchanged, so the minimum for module consumers doesn't move.

Verified locally: go build ./... and govulncheck ./... → no vulnerabilities found.

🤖 Generated with Claude Code

The July 9 vuln DB update flags crypto/tls in go1.25.11 (fixed in
1.25.12), turning govulncheck red on dependabot PR #80 after its
rebase. The toolchain directive moves CI (all jobs use
go-version-file) to the patched stdlib without raising the go
directive minimum for module consumers.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@BCook98
BCook98 merged commit 7926cab into main Jul 10, 2026
6 checks passed
@BCook98
BCook98 deleted the fix/govulncheck-go12512 branch July 10, 2026 00:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant