fix: upgrade Go from 1.25.5 to 1.25.6 to patch CVE-2025-61726, CVE-2025-61728, CVE-2025-61730 (#1992)

shibd · web-flow · commit b294ba45a405 · 2026-02-03T18:42:41.000+08:00
Upgrade Go version from 1.25.5 to 1.25.6 to fix multiple CVEs in the standard library: - CVE-2025-61726: net/url package doesn't set a limit on query parameters (DoS) - CVE-2025-61728: archive/zip uses super-linear file name indexing (DoS) - CVE-2025-61730: TLS 1.3 handshake boundary issue (Information Disclosure) Verification: go build completed successfully
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/streamnative/pulsarctl
 
-go 1.25.5
+go 1.25.6
 
 require (
 	github.com/apache/pulsar-client-go v0.18.0-candidate-1.0.20251222030102-3bb7d4eff361
