*: upgrade go version to v1.25.6 to avoid security vulnerabilities #1080

Merged: ti-chi-bot[bot] merged 5 commits into pingcap:main from djshow832:simple, Feb 9, 2026
@djshow832 djshow832 commented Feb 6, 2026

What problem does this PR solve?

Issue Number: close #1078

Problem Summary:

Target: `usr/bin/tiproxy` (gobinary) (7 vulnerabilities)
[MEDIUM] Risk Library:  golang.org/x/crypto  Installed: `v0.40.0`
[CVE-2025-47914](https://nvd.nist.gov/vuln/detail/CVE-2025-47914) - MEDIUM - Fixed: `0.45.0`
[CVE-2025-58181](https://nvd.nist.gov/vuln/detail/CVE-2025-58181) - MEDIUM - Fixed: `0.45.0`
[UNKNOWN] Risk Library:  stdlib  Installed: `v1.25.5`
[CVE-2025-61726](https://nvd.nist.gov/vuln/detail/CVE-2025-61726) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
[CVE-2025-61728](https://nvd.nist.gov/vuln/detail/CVE-2025-61728) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
[CVE-2025-61730](https://nvd.nist.gov/vuln/detail/CVE-2025-61730) - UNKNOWN - Fixed: `1.24.12, 1.25.6`

Target: `usr/bin/tiproxyctl` (gobinary) (3 vulnerabilities)
[UNKNOWN] Risk Library:  stdlib  Installed: `v1.25.5`
[CVE-2025-61726](https://nvd.nist.gov/vuln/detail/CVE-2025-61726) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
[CVE-2025-61728](https://nvd.nist.gov/vuln/detail/CVE-2025-61728) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
[CVE-2025-61730](https://nvd.nist.gov/vuln/detail/CVE-2025-61730) - UNKNOWN - Fixed: `1.24.12, 1.25.6`

What is changed and how it works:

  • Upgrade go to v1.25.6
  • Upgrade golang.org/x/crypto to latest
  • Use go1.25.6 to compile golangci-lint

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Notable changes

  • Has configuration change
  • Has HTTP API interfaces change
  • Has tiproxyctl change
  • Other user behavior changes

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

None
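
The scan report in the description lists per-branch fix versions for the standard library (`1.24.12, 1.25.6`) and a single fix version for golang.org/x/crypto (`0.45.0`). The Go sketch below is an added example, not part of this PR or of the tiproxy code base, showing how such a `Fixed:` list is evaluated against an installed version. `parse` and `IsFixed` are hypothetical names, and treating release branches newer than every listed fix as already fixed is an assumption.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parse (hypothetical helper) turns "go1.25.5", "v0.40.0" or "1.24.12" into {major, minor, patch}.
func parse(v string) (out [3]int, err error) {
	v = strings.TrimPrefix(strings.TrimPrefix(strings.TrimSpace(v), "go"), "v")
	for i, p := range strings.SplitN(v, ".", 3) {
		if out[i], err = strconv.Atoi(p); err != nil {
			return out, fmt.Errorf("unparseable version %q: %w", v, err)
		}
	}
	return out, nil
}

// IsFixed checks installed against a scanner "Fixed:" list: on a listed release branch the patch
// must reach the listed one. Assumption: branches newer than every listed fix contain it.
func IsFixed(installed, fixedList string) (bool, error) {
	inst, err := parse(installed)
	if err != nil {
		return false, err
	}
	newer := true
	for _, f := range strings.Split(fixedList, ",") {
		fix, err := parse(f)
		if err != nil {
			return false, err
		}
		if inst[0] == fix[0] && inst[1] == fix[1] {
			return inst[2] >= fix[2], nil // same branch: compare patch level only
		}
		if inst[0] < fix[0] || (inst[0] == fix[0] && inst[1] < fix[1]) {
			newer = false // an older branch than this fix: not covered by it
		}
	}
	return newer, nil
}

func main() {
	// Installed/fixed pairs from the scan report, plus the upgrade target go1.25.6.
	for _, c := range [][2]string{{"v1.25.5", "1.24.12, 1.25.6"}, {"v0.40.0", "0.45.0"}, {"go1.25.6", "1.24.12, 1.25.6"}} {
		ok, err := IsFixed(c[0], c[1])
		fmt.Println(c[0], "fixed:", ok, err)
	}
}
```

The installed toolchain and module versions of a built binary can be read with `go version -m <binary>` and fed to the same check.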

@ti-chi-bot ti-chi-bot bot requested review from YangKeao and xhebox February 6, 2026 05:53
@ti-chi-bot ti-chi-bot bot added the size/M label Feb 6, 2026
@djshow832 djshow832 changed the title *: upgrade go version to v1.25.6 to avoid security vulnerabilities *: upgrade go version to v1.25.7 to avoid security vulnerabilities Feb 6, 2026
@djshow832
Collaborator Author

/retest

@djshow832
Collaborator Author

/retest

@djshow832
Collaborator Author

/retest

@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@f52d4a5).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1080   +/-   ##
=======================================
  Coverage        ?   66.73%           
=======================================
  Files           ?      141           
  Lines           ?    14630           
  Branches        ?        0           
=======================================
  Hits            ?     9764           
  Misses          ?     4193           
  Partials        ?      673           
Flag Coverage Δ
unit 66.73% <ø> (?)

@djshow832 djshow832 changed the title *: upgrade go version to v1.25.7 to avoid security vulnerabilities *: upgrade go version to v1.25.6 to avoid security vulnerabilities Feb 6, 2026
@ti-chi-bot ti-chi-bot bot added the lgtm label Feb 9, 2026
@ti-chi-bot

ti-chi-bot bot commented Feb 9, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: YangKeao

@ti-chi-bot

ti-chi-bot bot commented Feb 9, 2026

[LGTM Timeline notifier]

Timeline:

  • 2026-02-09 02:21:05.746085241 +0000 UTC m=+151481.440225091: ☑️ agreed by YangKeao.

@ti-chi-bot ti-chi-bot bot added the approved label Feb 9, 2026
@ti-chi-bot ti-chi-bot bot merged commit 7f15b1b into pingcap:main Feb 9, 2026
6 checks passed
@djshow832 djshow832 deleted the simple branch February 9, 2026 03:01
@djshow832
Collaborator Author

/cherry-pick release-nextgen-20251023

@ti-chi-bot
Member

@djshow832: new pull request created to branch release-nextgen-20251023: #1082.

ti-chi-bot bot pushed a commit that referenced this pull request Feb 9, 2026
@djshow832
Collaborator Author

/cherry-pick release-1.3

@ti-chi-bot
Member

@djshow832: new pull request created to branch release-1.3: #1083.
But this PR has conflicts, please resolve them!

ti-chi-bot pushed a commit to ti-chi-bot/tiproxy that referenced this pull request Feb 9, 2026
Signed-off-by: ti-chi-bot <ti-community-prow-bot@tidb.io>
Development

Successfully merging this pull request may close these issues.

upgrade go to v1.25.6