Skip to content

golang:1.25.5#3186

Merged
bourgeoisor merged 1 commit intoGoogleCloudPlatform:mainfrom
mathieu-benoit:go-1-25-5
Dec 27, 2025
Merged

golang:1.25.5#3186
bourgeoisor merged 1 commit intoGoogleCloudPlatform:mainfrom
mathieu-benoit:go-1-25-5

Conversation

@mathieu-benoit
Copy link
Copy Markdown
Contributor

@mathieu-benoit mathieu-benoit commented Dec 20, 2025
edited
Loading

golang:1.25.5 as base image of the builder target in Dockerfile to complete #3160 and fix CVEs.

While writing this blog post Security hardening of the OnlineBoutique sample apps with the Docker Hardened Images (DHI), I found out that the go.mod was updated recently there #3179 but not the Dockerfiles, fixing this here with this PR.

docker scout compare --ignore-unchanged --to checkout:1.25.4 checkout:1.25.5:

## Overview
  
                     │                    Analyzed Image                    │                   Comparison Image                   
  ───────────────────┼──────────────────────────────────────────────────────┼──────────────────────────────────────────────────────
   Target            │  checkout:1.25.5                                     │  checkout:1.25.4                                     
     digest          │  5daa71234709                                        │  5261dc954ae0                                        
     tag             │  1.25.5                                              │  1.25.4                                              
     platform        │ linux/amd64                                          │ linux/amd64                                          
     provenance      │ https://github.com/mathieu-benoit/microservices-demo │ https://github.com/mathieu-benoit/microservices-demo 
                     │  31577bd1219a375dbcf185ebed57778c92f2e4a6            │  31577bd1219a375dbcf185ebed57778c92f2e4a6            
     vulnerabilities │    0C     0H     0M     0L                           │    0C     1H     1M     0L                           
                     │           -1     -1                                  │                                                      
     size            │ 6.7 MB (+378 B)                                      │ 6.7 MB                                               
     packages        │ 58                                                   │ 58                                                   
                     │                                                      │

## Packages and Vulnerabilities
  
  
    ⎌    1 packages changed (↑ 1 upgraded, ↓ 0 downgraded)  
        54 packages unchanged
  
  
    - 2 vulnerabilities removed
  
  
     Package  Type    Version  Compared Version  
  
  ↑  stdlib   golang  1.25.5   1.25.4            
     ├─  -  HIGH         CVE-2025-61729  [https://scout.docker.com/v/CVE-2025-61729]  
     │                   7.5    
     └─  -  MEDIUM       CVE-2025-61727  [https://scout.docker.com/v/CVE-2025-61727]  
                         6.5

@mathieu-benoit mathieu-benoit marked this pull request as draft December 20, 2025 17:21
@mathieu-benoit mathieu-benoit marked this pull request as ready for review December 20, 2025 18:34
@mathieu-benoit
Copy link
Copy Markdown
Contributor Author

mathieu-benoit commented Dec 20, 2025

Ready for your review, @bourgeoisor, thanks!

bourgeoisor
bourgeoisor approved these changes Dec 27, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@bourgeoisor bourgeoisor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@bourgeoisor bourgeoisor merged commit 2b284b9 into GoogleCloudPlatform:main Dec 27, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bourgeoisor bourgeoisor bourgeoisor approved these changes

@yoshi-approver yoshi-approver Awaiting requested review from yoshi-approver yoshi-approver is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mathieu-benoit @bourgeoisor