This is an automated email from the ASF dual-hosted git repository.
kezhenxu94 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking-swck.git
The following commit(s) were added to refs/heads/master by this push:
new 72c6ffa cves: bump Go to 1.25.9, go.opentelemetry.io/otel/sdk to
v1.43.0 (#189)
72c6ffa is described below
commit 72c6ffa3ab49d50b8660e7163e7a570d43832b9d
Author: tetrate-ci[bot] <[email protected]>
AuthorDate: Sun Apr 12 07:43:08 2026 +0530
cves: bump Go to 1.25.9, go.opentelemetry.io/otel/sdk to v1.43.0 (#189)
* cves: bump Go to 1.25.9, go.opentelemetry.io/otel/sdk to v1.43.0
- Go 1.25.8 → 1.25.9 (CVE-2026-32280, CVE-2026-32281, CVE-2026-32282,
CVE-2026-32283, CVE-2026-32288, CVE-2026-32289)
- go.opentelemetry.io/otel/sdk v1.40.0 → v1.43.0 (CVE-2026-39883)
* ci: pin Go version to 1.25.9 in workflow to match go.mod requirement
The adapter/go.mod requires go 1.25.9, but the CI workflow was using
go-version: "1.25" which resolved to go1.25.8, causing a compile error:
compile: version "go1.25.9" does not match go tool version "go1.25.8"
Pinning to 1.25.9 ensures the correct Go version is installed.
---------
Co-authored-by: Security Agent <[email protected]>
---
.github/workflows/go.yml | 28 ++++++++++++++--------------
adapter/go.mod | 14 ++++++--------
adapter/go.sum | 24 ++++++++++++------------
3 files changed, 32 insertions(+), 34 deletions(-)
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index a3b00b6..aae9a7a 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -31,7 +31,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
- go-version: "1.25"
+ go-version: "1.25.9"
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- name: Check License
@@ -45,7 +45,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
- go-version: "1.25"
+ go-version: "1.25.9"
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- name: Build
@@ -59,7 +59,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
- go-version: "1.25"
+ go-version: "1.25.9"
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v4
@@ -74,7 +74,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
- go-version: "1.25"
+ go-version: "1.25.9"
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v4
@@ -95,7 +95,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
- go-version: 1.25
+ go-version: "1.25.9"
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v4
@@ -116,7 +116,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
- go-version: 1.25
+ go-version: "1.25.9"
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v4
@@ -137,7 +137,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
- go-version: 1.25
+ go-version: "1.25.9"
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v4
@@ -158,7 +158,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
- go-version: 1.25
+ go-version: "1.25.9"
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v4
@@ -179,7 +179,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
- go-version: 1.25
+ go-version: "1.25.9"
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v4
@@ -200,7 +200,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
- go-version: 1.25
+ go-version: "1.25.9"
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v4
@@ -221,7 +221,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
- go-version: 1.25
+ go-version: "1.25.9"
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v4
@@ -242,7 +242,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
- go-version: 1.25
+ go-version: "1.25.9"
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v4
@@ -263,7 +263,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
- go-version: 1.25
+ go-version: "1.25.9"
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v4
@@ -284,7 +284,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v5
with:
- go-version: 1.25
+ go-version: "1.25.9"
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v4
diff --git a/adapter/go.mod b/adapter/go.mod
index 04769f3..dac17f5 100644
--- a/adapter/go.mod
+++ b/adapter/go.mod
@@ -1,8 +1,6 @@
module github.com/apache/skywalking-swck/adapter
-go 1.25
-
-toolchain go1.25.8
+go 1.25.9
require (
github.com/apache/skywalking-cli v0.0.0-20210209032327-04a0ce08990f
@@ -74,12 +72,12 @@ require (
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
v0.47.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0
// indirect
- go.opentelemetry.io/otel v1.40.0 // indirect
+ go.opentelemetry.io/otel v1.43.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0
// indirect
- go.opentelemetry.io/otel/metric v1.40.0 // indirect
- go.opentelemetry.io/otel/sdk v1.40.0 // indirect
- go.opentelemetry.io/otel/trace v1.40.0 // indirect
+ go.opentelemetry.io/otel/metric v1.43.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.43.0 // indirect
+ go.opentelemetry.io/otel/trace v1.43.0 // indirect
go.opentelemetry.io/proto/otlp v1.1.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.26.0 // indirect
@@ -89,7 +87,7 @@ require (
golang.org/x/net v0.48.0 // indirect
golang.org/x/oauth2 v0.34.0 // indirect
golang.org/x/sync v0.19.0 // indirect
- golang.org/x/sys v0.40.0 // indirect
+ golang.org/x/sys v0.42.0 // indirect
golang.org/x/term v0.38.0 // indirect
golang.org/x/text v0.32.0 // indirect
golang.org/x/time v0.5.0 // indirect
diff --git a/adapter/go.sum b/adapter/go.sum
index 639d92c..cd35caa 100644
--- a/adapter/go.sum
+++ b/adapter/go.sum
@@ -643,20 +643,20 @@
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.4
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0
h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod
h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw=
-go.opentelemetry.io/otel v1.40.0
h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
-go.opentelemetry.io/otel v1.40.0/go.mod
h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
+go.opentelemetry.io/otel v1.43.0
h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I=
+go.opentelemetry.io/otel v1.43.0/go.mod
h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0
h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0/go.mod
h1:noq80iT8rrHP1SfybmPiRGc9dc5M8RPmGvtwo7Oo7tc=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0
h1:H2JFgRcGiyHg7H7bwcwaQJYrNFqCqrbTQ8K4p1OvDu8=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0/go.mod
h1:WfCWp1bGoYK8MeULtI15MmQVczfR+bFkk0DF3h06QmQ=
-go.opentelemetry.io/otel/metric v1.40.0
h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
-go.opentelemetry.io/otel/metric v1.40.0/go.mod
h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
-go.opentelemetry.io/otel/sdk v1.40.0
h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
-go.opentelemetry.io/otel/sdk v1.40.0/go.mod
h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
-go.opentelemetry.io/otel/sdk/metric v1.40.0
h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=
-go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod
h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=
-go.opentelemetry.io/otel/trace v1.40.0
h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
-go.opentelemetry.io/otel/trace v1.40.0/go.mod
h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
+go.opentelemetry.io/otel/metric v1.43.0
h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM=
+go.opentelemetry.io/otel/metric v1.43.0/go.mod
h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY=
+go.opentelemetry.io/otel/sdk v1.43.0
h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg=
+go.opentelemetry.io/otel/sdk v1.43.0/go.mod
h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg=
+go.opentelemetry.io/otel/sdk/metric v1.43.0
h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw=
+go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod
h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A=
+go.opentelemetry.io/otel/trace v1.43.0
h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A=
+go.opentelemetry.io/otel/trace v1.43.0/go.mod
h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0=
go.opentelemetry.io/proto/otlp v0.7.0/go.mod
h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
go.opentelemetry.io/proto/otlp v1.1.0
h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI=
go.opentelemetry.io/proto/otlp v1.1.0/go.mod
h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY=
@@ -824,8 +824,8 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod
h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
-golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
+golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod
h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
golang.org/x/term v0.38.0/go.mod
h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
