Skip to content

chore(deps): Bump Go >= 1.24.12 to fix CVE-2025-61726#6219

Merged
ntkathole merged 2 commits intofeast-dev:masterfrom
patelchaitany:fix/CVE-2025-61726-net-url
Apr 9, 2026
Merged

chore(deps): Bump Go >= 1.24.12 to fix CVE-2025-61726#6219
ntkathole merged 2 commits intofeast-dev:masterfrom
patelchaitany:fix/CVE-2025-61726-net-url

Conversation

@patelchaitany
Copy link
Copy Markdown
Contributor

@patelchaitany patelchaitany commented Apr 2, 2026
edited
Loading

Fix CVE-2025-61726 (memory exhaustion in net/url query parameter parsing, CVSS 7.5) by bumping the Go toolchain from 1.22.9 to 1.24.12 in the feast-operator go.mod and Dockerfile.

Open with Devin

@patelchaitany patelchaitany requested a review from a team as a code owner April 2, 2026 08:14
@patelchaitany patelchaitany changed the title chore(deps): bump Go >= 1.24.12 to fix CVE-2025-61726 chore(deps): Bump Go >= 1.24.12 to fix CVE-2025-61726 Apr 2, 2026
devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

@patelchaitany patelchaitany force-pushed the fix/CVE-2025-61726-net-url branch from 6cfae36 to dc9bd4b Compare April 2, 2026 10:00
shuchu
shuchu approved these changes Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@shuchu shuchu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm

@ntkathole ntkathole force-pushed the fix/CVE-2025-61726-net-url branch from dc9bd4b to 9ff5286 Compare April 2, 2026 12:35
devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

@patelchaitany patelchaitany force-pushed the fix/CVE-2025-61726-net-url branch 5 times, most recently from d999b0f to f79ffc6 Compare April 7, 2026 03:54
@patelchaitany patelchaitany requested a review from shuchu April 7, 2026 04:57
@patelchaitany patelchaitany force-pushed the fix/CVE-2025-61726-net-url branch 2 times, most recently from a437a4e to 603b040 Compare April 8, 2026 05:10
@ntkathole ntkathole force-pushed the fix/CVE-2025-61726-net-url branch from 603b040 to 8e2c779 Compare April 9, 2026 04:53
devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

@patelchaitany patelchaitany force-pushed the fix/CVE-2025-61726-net-url branch from 8e2c779 to 79f43f0 Compare April 9, 2026 07:15
@patelchaitany
chore(deps): bump Go >= 1.24.12 to fix CVE-2025-61726
42d933c 
Bump the Go toolchain from 1.22.9 to 1.24.12 in the feast-operator
go.mod and Dockerfile to fix CVE-2025-61726 (memory exhaustion in
net/url query parameter parsing, CVSS 7.5).

Signed-off-by: Chaitany patel <patelchaitany93@gmail.com>
Made-with: Cursor
@patelchaitany
Upgraded Operator SDK
31fdb9f 
Signed-off-by: Chaitany patel <patelchaitany93@gmail.com>
@patelchaitany patelchaitany force-pushed the fix/CVE-2025-61726-net-url branch from 79f43f0 to 31fdb9f Compare April 9, 2026 07:15
@patelchaitany patelchaitany requested a review from aniketpalu April 9, 2026 07:16
@aniketpalu
Copy link
Copy Markdown
Contributor

aniketpalu commented Apr 9, 2026

Lgtm

@patelchaitany patelchaitany requested a review from ntkathole April 9, 2026 09:21
@ntkathole ntkathole merged commit d6f33ce into feast-dev:master Apr 9, 2026
30 of 31 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

@shuchu shuchu Awaiting requested review from shuchu

@aniketpalu aniketpalu Awaiting requested review from aniketpalu

@ntkathole ntkathole Awaiting requested review from ntkathole

Assignees

No one assigned

Labels

ok-to-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@patelchaitany @aniketpalu @shuchu @ntkathole