Skip to content

bump: upgrade go version to 1.24.13#84

Merged
CallMeLeopoldo merged 1 commit intomasterfrom
ls/upgrade-go-version
Mar 19, 2026
Merged

bump: upgrade go version to 1.24.13#84
CallMeLeopoldo merged 1 commit intomasterfrom
ls/upgrade-go-version

Conversation

@CallMeLeopoldo
Copy link
Contributor

@CallMeLeopoldo CallMeLeopoldo commented Mar 19, 2026

No description provided.

@CallMeLeopoldo CallMeLeopoldo requested a review from lolgab as a code owner March 19, 2026 10:28
@codacy-production
Copy link

codacy-production bot commented Mar 19, 2026

Codacy's Analysis Summary

0 new issues (≤ 1 medium issue)
0 new security issues (≤ 0 minor issues)
0 complexity
0 duplications
More details

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

Run reviewer

TIP This summary will be updated as you push new changes. Give us feedback

codacy-production[bot]
codacy-production bot reviewed Mar 19, 2026
View reviewed changes
Copy link

@codacy-production codacy-production bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Although the automated analysis indicates the PR is up to standards, the proposed upgrade to Go 1.24.13 introduces high-severity security risks, including CVE-2026-25679 (IPv6 host literal parsing). This issue prevents a safe merge. To maintain application security, the upgrade should target Go 1.25.8 instead.

Additionally, there is a discrepancy between the code changes and the build environment; the PR lacks corresponding CI configuration updates, which may result in mismatched compilation environments. The absence of a PR description or linked issue further complicates the audit trail for this dependency change.

About this PR

  • The PR description is empty and no Jira ticket is linked. Providing context for dependency upgrades is required for proper project history.

Test suggestions

  • Verify that the project compiles successfully using Go 1.24.13
  • Run existing unit tests using Go 1.24.13 to ensure no regressions in standard library behavior
Prompt proposal for missing tests 
Consider implementing these tests if applicable:
1. Verify that the project compiles successfully using Go 1.24.13
2. Run existing unit tests using Go 1.24.13 to ensure no regressions in standard library behavior
Low confidence findings
  • There are no CI configuration changes visible to confirm the build environment has also been updated to the new Go version. Ensure the CI environment aligns with the go.mod requirements.

🗒️ Improve review quality by adding custom instructions

go.mod
module github.com/codacy/helm-ssm

go 1.24.9
go 1.24.13
Copy link

@codacy-production codacy-production bot Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 HIGH RISK

The Go version 1.24.13 contains multiple security vulnerabilities: CVE-2026-25679 (High) affecting IPv6 host literal parsing in net/url, CVE-2026-27142 (Medium) regarding URL escaping in html/template, and CVE-2026-27139 (Minor) in the os module. It is recommended to upgrade directly to version 1.25.8 to address these risks.

This might be a simple fix:

Suggested change
go 1.24.13
go 1.25.8

See Issue in Codacy
See Issue in Codacy
See Issue in Codacy

@CallMeLeopoldo CallMeLeopoldo merged commit 2a0b7f0 into master Mar 19, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ricardobernardino2024 ricardobernardino2024 ricardobernardino2024 approved these changes

@lolgab lolgab Awaiting requested review from lolgab lolgab is a code owner

+1 more reviewer

@codacy-production codacy-production[bot] codacy-production[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@CallMeLeopoldo @ricardobernardino2024