Skip to content

[Snyk] Security upgrade golang from 1.25.2 to 1.26rc2#6444

Open
khanhtc1202 wants to merge 1 commit intomasterfrom
snyk-fix-b853d9dbbc3f000b4b91c97d61006b1b
Open

[Snyk] Security upgrade golang from 1.25.2 to 1.26rc2#6444
khanhtc1202 wants to merge 1 commit intomasterfrom
snyk-fix-b853d9dbbc3f000b4b91c97d61006b1b

Conversation

@khanhtc1202
Copy link
Copy Markdown
Member

@khanhtc1202 khanhtc1202 commented Jan 20, 2026

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • tool/codegen/Dockerfile

We recommend upgrading to golang:1.26rc2, as this image has only 109 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Out-of-bounds Write
SNYK-DEBIAN13-GNUPG2-14723299		   614  
high severity Out-of-bounds Write
SNYK-DEBIAN13-GNUPG2-14723299		   614  
high severity Out-of-bounds Write
SNYK-DEBIAN13-GNUPG2-14723299		   614  
high severity Out-of-bounds Write
SNYK-DEBIAN13-GNUPG2-14723299		   614  
high severity Out-of-bounds Write
SNYK-DEBIAN13-GNUPG2-14723299		   614  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Out-of-bounds Write

@khanhtc1202 khanhtc1202 requested a review from a team as a code owner January 20, 2026 09:14
@codecov
Copy link
Copy Markdown

codecov bot commented Jan 20, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 28.87%. Comparing base (08f6981) to head (2e07e3a).
⚠️ Report is 46 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #6444   +/-   ##
=======================================
  Coverage   28.87%   28.87%           
=======================================
  Files         560      560           
  Lines       59955    59955           
=======================================
  Hits        17313    17313           
  Misses      41321    41321           
  Partials     1321     1321
Flag Coverage Δ
. 23.29% <ø> (ø)
.-pkg-app-pipedv1-plugin-analysis 32.64% <ø> (ø)
.-pkg-app-pipedv1-plugin-kubernetes 58.67% <ø> (ø)
.-pkg-app-pipedv1-plugin-kubernetes_multicluster 67.63% <ø> (ø)
.-pkg-app-pipedv1-plugin-scriptrun 54.83% <ø> (ø)
.-pkg-app-pipedv1-plugin-terraform 38.65% <ø> (ø)
.-pkg-app-pipedv1-plugin-wait 33.92% <ø> (ø)
.-pkg-app-pipedv1-plugin-waitapproval 52.71% <ø> (ø)
.-pkg-plugin-sdk 50.34% <ø> (ø)
.-tool-actions-gh-release 19.23% <ø> (ø)
.-tool-actions-plan-preview 25.51% <ø> (ø)
.-tool-codegen-protoc-gen-auth 0.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Okabe-Junya
Okabe-Junya reviewed Jan 21, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@Okabe-Junya Okabe-Junya left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure why some tools like Snyk, depndabot suggest rc version... 🤔
I would think we don't need to use rc rather than stable one

WDYT?

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 21, 2026

This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days.

@github-actions github-actions bot added Stale and removed Stale labels Feb 21, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 25, 2026

This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days.

@github-actions github-actions bot added the Stale label Mar 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Okabe-Junya Okabe-Junya Okabe-Junya left review comments

@Warashi Warashi Awaiting requested review from Warashi Warashi is a code owner automatically assigned from pipe-cd/pipecd-approvers

@ffjlabo ffjlabo Awaiting requested review from ffjlabo ffjlabo is a code owner automatically assigned from pipe-cd/pipecd-approvers

@t-kikuc t-kikuc Awaiting requested review from t-kikuc t-kikuc is a code owner automatically assigned from pipe-cd/pipecd-approvers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area/tool Stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@khanhtc1202 @Okabe-Junya @snyk-bot