@ti-chi-bot

This is an automated cherry-pick of #1080

What problem does this PR solve?

Issue Number: close #1078

Problem Summary:

Target: `usr/bin/tiproxy` (gobinary) (7 vulnerabilities)

[MEDIUM] Risk Library: golang.org/x/crypto Installed: `v0.40.0`

  • [CVE-2025-47914](https://nvd.nist.gov/vuln/detail/CVE-2025-47914) - MEDIUM - Fixed: `0.45.0`
  • [CVE-2025-58181](https://nvd.nist.gov/vuln/detail/CVE-2025-58181) - MEDIUM - Fixed: `0.45.0`

[UNKNOWN] Risk Library: stdlib Installed: `v1.25.5`

  • [CVE-2025-61726](https://nvd.nist.gov/vuln/detail/CVE-2025-61726) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
  • [CVE-2025-61728](https://nvd.nist.gov/vuln/detail/CVE-2025-61728) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
  • [CVE-2025-61730](https://nvd.nist.gov/vuln/detail/CVE-2025-61730) - UNKNOWN - Fixed: `1.24.12, 1.25.6`

Target: `usr/bin/tiproxyctl` (gobinary) (3 vulnerabilities)

[UNKNOWN] Risk Library: stdlib Installed: `v1.25.5`

  • [CVE-2025-61726](https://nvd.nist.gov/vuln/detail/CVE-2025-61726) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
  • [CVE-2025-61728](https://nvd.nist.gov/vuln/detail/CVE-2025-61728) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
  • [CVE-2025-61730](https://nvd.nist.gov/vuln/detail/CVE-2025-61730) - UNKNOWN - Fixed: `1.24.12, 1.25.6`

What is changed and how it works:

  • Upgrade go to v1.25.6
  • Upgrade golang.org/x/crypto to latest
  • Use go1.25.6 to compile golangci-lint

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Notable changes

  • Has configuration change
  • Has HTTP API interfaces change
  • Has tiproxyctl change
  • Other user behavior changes

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

None

@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (release-nextgen-20251023@470d0ee). Learn more about missing BASE report.

Additional details and impacted files

```diff
@@                     Coverage Diff                     @@
##             release-nextgen-20251023    #1082   +/-   ##
===========================================================
  Coverage                            ?   66.11%
===========================================================
  Files                               ?      137
  Lines                               ?    13691
  Branches                            ?        0
===========================================================
  Hits                                ?     9052
  Misses                              ?     4038
  Partials                            ?      601
```

| Flag | Coverage Δ |
|------|------------|
| unit | 66.11% <ø> (?) |

@ti-chi-bot

ti-chi-bot bot commented Feb 9, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: djshow832

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ti-chi-bot

ti-chi-bot bot commented Feb 9, 2026

[LGTM Timeline notifier]

Timeline:

  • 2026-02-09 03:29:12.662515835 +0000 UTC m=+155568.356655675: ☑️ agreed by djshow832.

@ti-chi-bot ti-chi-bot bot added the approved label Feb 9, 2026
@ti-chi-bot ti-chi-bot bot merged commit 3463c36 into pingcap:release-nextgen-20251023 Feb 9, 2026
6 checks passed