Skip to content

chore(deps): Bump Go >= 1.24.12 to fix CVE-2025-61726#6219

Open
patelchaitany wants to merge 2 commits intofeast-dev:masterfrom
patelchaitany:fix/CVE-2025-61726-net-url
Open

chore(deps): Bump Go >= 1.24.12 to fix CVE-2025-61726#6219
patelchaitany wants to merge 2 commits intofeast-dev:masterfrom
patelchaitany:fix/CVE-2025-61726-net-url

Conversation

@patelchaitany
Copy link
Copy Markdown
Contributor

@patelchaitany patelchaitany commented Apr 2, 2026
edited
Loading

Fix CVE-2025-61726 (memory exhaustion in net/url query parameter parsing, CVSS 7.5) by bumping the Go toolchain from 1.22.9 to 1.24.12 in the feast-operator go.mod and Dockerfile.

Open with Devin

@patelchaitany patelchaitany requested a review from a team as a code owner April 2, 2026 08:14
@patelchaitany patelchaitany changed the title chore(deps): bump Go >= 1.24.12 to fix CVE-2025-61726 chore(deps): Bump Go >= 1.24.12 to fix CVE-2025-61726 Apr 2, 2026
devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

@patelchaitany patelchaitany force-pushed the fix/CVE-2025-61726-net-url branch from 6cfae36 to dc9bd4b Compare April 2, 2026 10:00
shuchu
shuchu approved these changes Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@shuchu shuchu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm

@ntkathole ntkathole force-pushed the fix/CVE-2025-61726-net-url branch from dc9bd4b to 9ff5286 Compare April 2, 2026 12:35
devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

@patelchaitany patelchaitany force-pushed the fix/CVE-2025-61726-net-url branch 5 times, most recently from d999b0f to f79ffc6 Compare April 7, 2026 03:54
@patelchaitany patelchaitany requested a review from shuchu April 7, 2026 04:57
@patelchaitany patelchaitany force-pushed the fix/CVE-2025-61726-net-url branch from a9044be to a437a4e Compare April 7, 2026 09:18
@patelchaitany
chore(deps): bump Go >= 1.24.12 to fix CVE-2025-61726
eaa37fc 
Bump the Go toolchain from 1.22.9 to 1.24.12 in the feast-operator
go.mod and Dockerfile to fix CVE-2025-61726 (memory exhaustion in
net/url query parameter parsing, CVSS 7.5).

Signed-off-by: Chaitany patel <[email protected]>
Made-with: Cursor
@patelchaitany
Upgraded Operator SDK
603b040 
Signed-off-by: Chaitany patel <[email protected]>
@patelchaitany patelchaitany force-pushed the fix/CVE-2025-61726-net-url branch from a437a4e to 603b040 Compare April 8, 2026 05:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

@shuchu shuchu Awaiting requested review from shuchu

Assignees

No one assigned

Labels

ok-to-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@patelchaitany @shuchu @ntkathole