Skip to content

Commit 50140fe

Browse files
infernus01infernus01
committed
fix: CVE-2025-61729 & CVE-2025-61726 - upgrade go version to >1.25.5
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
1 parent e3c8b70 commit 50140fe

6 files changed

Lines changed: 24 additions & 10 deletions

File tree

.github/workflows/ci.yaml

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,12 @@
11
name: ci
22

3-
on: [pull_request] # yamllint disable-line rule:truthy
3+
on: # yamllint disable-line rule:truthy
4+
pull-request:
5+
- main
6+
- release-*
7+
push:
8+
- main
9+
- release-*
410

511
concurrency:
612
group: ${{ github.workflow }}-${{ github.event.pull-request.number || github.ref }}

.github/workflows/codeql-analysis.yml

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,14 +16,18 @@ permissions:
1616

1717
on:
1818
push:
19-
branches: [main]
19+
branches:
20+
- main
21+
- release-*
2022
paths-ignore:
2123
- '**/*.md'
2224
- '**/*.txt'
2325
- '**/*.yaml'
2426
pull_request:
2527
# The branches below must be a subset of the branches above
26-
branches: [main]
28+
branches:
29+
- main
30+
- release-*
2731
paths-ignore:
2832
- '**/*.md'
2933
- '**/*.txt'

go.mod

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
module github.com/tektoncd/cli
22

3-
go 1.25.5
3+
go 1.25.6
44

55
require (
66
github.com/AlecAivazis/survey/v2 v2.3.7
@@ -20,7 +20,7 @@ require (
2020
github.com/mitchellh/go-homedir v1.1.0
2121
github.com/pkg/errors v0.9.1
2222
github.com/sigstore/cosign/v2 v2.6.2
23-
github.com/sigstore/sigstore v1.10.3
23+
github.com/sigstore/sigstore v1.10.4
2424
github.com/spf13/cobra v1.10.2
2525
github.com/spf13/pflag v1.0.10
2626
github.com/tektoncd/chains v0.26.0

go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1180,8 +1180,8 @@ github.com/sigstore/rekor v1.4.3 h1:2+aw4Gbgumv8vYM/QVg6b+hvr4x4Cukur8stJrVPKU0=
11801180
github.com/sigstore/rekor v1.4.3/go.mod h1:o0zgY087Q21YwohVvGwV9vK1/tliat5mfnPiVI3i75o=
11811181
github.com/sigstore/rekor-tiles/v2 v2.0.1 h1:1Wfz15oSRNGF5Dzb0lWn5W8+lfO50ork4PGIfEKjZeo=
11821182
github.com/sigstore/rekor-tiles/v2 v2.0.1/go.mod h1:Pjsbhzj5hc3MKY8FfVTYHBUHQEnP0ozC4huatu4x7OU=
1183-
github.com/sigstore/sigstore v1.10.3 h1:s7fBYYOzW/2Vd0nND2ZdpWySb5vRF2u9eix/NZMHJm0=
1184-
github.com/sigstore/sigstore v1.10.3/go.mod h1:T26vXIkpnGEg391v3TaZ8EERcXbnjtZb/1erh5jbIQk=
1183+
github.com/sigstore/sigstore v1.10.4 h1:ytOmxMgLdcUed3w1SbbZOgcxqwMG61lh1TmZLN+WeZE=
1184+
github.com/sigstore/sigstore v1.10.4/go.mod h1:tDiyrdOref3q6qJxm2G+JHghqfmvifB7hw+EReAfnbI=
11851185
github.com/sigstore/sigstore-go v1.1.4 h1:wTTsgCHOfqiEzVyBYA6mDczGtBkN7cM8mPpjJj5QvMg=
11861186
github.com/sigstore/sigstore-go v1.1.4/go.mod h1:2U/mQOT9cjjxrtIUeKDVhL+sHBKsnWddn8URlswdBsg=
11871187
github.com/sigstore/sigstore/pkg/signature/kms/aws v1.10.3 h1:D/FRl5J9UYAJPGZRAJbP0dH78pfwWnKsyCSBwFBU8CI=

vendor/github.com/sigstore/sigstore/pkg/tuf/client.go

Lines changed: 6 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/modules.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1380,7 +1380,7 @@ github.com/sigstore/rekor-tiles/v2/pkg/generated/protobuf
13801380
github.com/sigstore/rekor-tiles/v2/pkg/note
13811381
github.com/sigstore/rekor-tiles/v2/pkg/types/verifier
13821382
github.com/sigstore/rekor-tiles/v2/pkg/verify
1383-
# github.com/sigstore/sigstore v1.10.3
1383+
# github.com/sigstore/sigstore v1.10.4
13841384
## explicit; go 1.25.0
13851385
github.com/sigstore/sigstore/pkg/cryptoutils
13861386
github.com/sigstore/sigstore/pkg/cryptoutils/goodkey

0 commit comments

Comments
 (0)