Skip to content

fix: vuln 0512#22

Merged
chengjingtao merged 1 commit into
release-1.10from
fix/vuln-0512
May 12, 2026
Merged

fix: vuln 0512#22
chengjingtao merged 1 commit into
release-1.10from
fix/vuln-0512

Conversation

@chengjingtao
Copy link
Copy Markdown

@chengjingtao chengjingtao commented May 12, 2026

Switch tool-image from devops/builder-go:latest to devops/github/builder-go:latest to pick up Go 1.26.3.

The devops/builder-go:latest mirror still ships Go 1.25.7, which leaves 15 stdlib CVEs unfixed (incl. Critical CVE-2025-68121). The devops/github/builder-go:latest mirror was rebuilt 2026-05-08 and now ships Go 1.26.3.

Follows the same pattern as eventing PR #13 (fix: vuln 1205).

Part of the v3.20.10 vuln-fix sweep for knative-operator-bundle.

fix: vuln 0512
0b49b4e 
Switch tool-image from devops/builder-go:latest to devops/github/builder-go:latest
to pick up Go 1.26.3 (fixes stdlib CVEs including CVE-2025-68121).

Follows same pattern as knative-eventing PR #13 (fix vuln 1205).
@chengjingtao chengjingtao mentioned this pull request May 12, 2026
Merged
@chengjingtao
Copy link
Copy Markdown
Author

chengjingtao commented May 12, 2026
edited
Loading

Build / build / Build (pull_request) 是 knative 自动同步过来的 workflow, 其中 runner 升级了golang 的版本, 配套 go 的一些包需要升级。 该部分我们实际用不到,已经失败了很久。 单独开一个PR 来处理。

@chengjingtao chengjingtao merged commit 50f0b6b into release-1.10 May 12, 2026
9 of 31 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lentil1016 lentil1016 lentil1016 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chengjingtao @lentil1016