Update Go to 1.25 by proddi · Pull Request #245 · prometheus-community/bind_exporter

proddi · 2025-10-29T09:23:57Z

Update Go to fix vulnerabilities

Update Go build to 1.25 (required to get fixed dependencies).

Update dependencies to fix vulnerabilities:

$ grype .
NAME                 INSTALLED  FIXED-IN  TYPE       VULNERABILITY        SEVERITY
golang.org/x/crypto  v0.32.0    0.35.0    go-module  GHSA-hcg3-q754-cr77  High      
golang.org/x/net     v0.33.0    0.38.0    go-module  GHSA-vvgc-356p-c3xw  Medium    
golang.org/x/net     v0.33.0    0.36.0    go-module  GHSA-qxp5-gwg8-xv66  Medium    
golang.org/x/oauth2  v0.24.0    0.27.0    go-module  GHSA-6v2p-p543-phr9  High

SuperQ · 2025-10-29T09:35:43Z

This needs a DCO sign-off. You can use git commit -s --amend to add it.

.circleci/config.yml

.golangci.yml

go.mod

.circleci/config.yml

SuperQ · 2025-11-03T11:37:33Z

Fixed up the golangci-lint config in #246

* This fixes vulnerabilities Signed-off-by: Torsten Sachse <torsten.sachse@sap.com>

proddi · 2025-11-03T11:59:17Z

Fixed up the golangci-lint config in #246

rebased against it

SuperQ reviewed Oct 29, 2025

View reviewed changes

.circleci/config.yml Outdated Show resolved Hide resolved

proddi force-pushed the bump-to-1-24 branch from 27f7427 to 4a9e1b2 Compare October 29, 2025 10:07

proddi changed the title ~~Update Go to 1.24 to fix vulnerabilities in dependencies~~ Update Go to 1.25 to fix vulnerabilities in dependencies Oct 29, 2025

proddi requested a review from SuperQ October 29, 2025 12:54

SuperQ requested changes Oct 29, 2025

View reviewed changes

.golangci.yml Outdated Show resolved Hide resolved

.golangci.yml Outdated Show resolved Hide resolved

go.mod Outdated Show resolved Hide resolved

proddi force-pushed the bump-to-1-24 branch from 4a9e1b2 to d73d38c Compare October 29, 2025 15:43

proddi changed the title ~~Update Go to 1.25 to fix vulnerabilities in dependencies~~ Update Go to 1.24 to fix vulnerabilities in dependencies Oct 29, 2025

proddi requested a review from SuperQ October 29, 2025 15:44

SuperQ changed the title ~~Update Go to 1.24 to fix vulnerabilities in dependencies~~ Update Go to 1.25 Oct 29, 2025

SuperQ reviewed Oct 29, 2025

View reviewed changes

.circleci/config.yml Outdated Show resolved Hide resolved

proddi force-pushed the bump-to-1-24 branch from d73d38c to c3c1ed4 Compare November 3, 2025 11:19

proddi requested a review from SuperQ November 3, 2025 11:20

SuperQ approved these changes Nov 3, 2025

View reviewed changes

Update Go to 1.25

291813e

* This fixes vulnerabilities Signed-off-by: Torsten Sachse <torsten.sachse@sap.com>

proddi force-pushed the bump-to-1-24 branch from c3c1ed4 to 291813e Compare November 3, 2025 11:58

SuperQ merged commit cad22e2 into prometheus-community:master Nov 3, 2025
4 checks passed

proddi deleted the bump-to-1-24 branch November 3, 2025 13:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Go to 1.25#245

Update Go to 1.25#245
SuperQ merged 1 commit intoprometheus-community:masterfrom
proddi:bump-to-1-24

proddi commented Oct 29, 2025 •

edited

Loading

Uh oh!

SuperQ commented Oct 29, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

SuperQ commented Nov 3, 2025

Uh oh!

proddi commented Nov 3, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

proddi commented Oct 29, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

SuperQ commented Oct 29, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

SuperQ commented Nov 3, 2025

Uh oh!

proddi commented Nov 3, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

proddi commented Oct 29, 2025 •

edited

Loading