From 40b2af36da17a09d56340efc20b3b8fecdd065f0 Mon Sep 17 00:00:00 2001
From: Harishma-Hari <harishmashyama@gmail.com>
Date: Thu, 15 Jan 2026 14:53:25 +0530
Subject: [PATCH] fix: upgrade Go to 1.25.5 to address CVE-2025-61729

- Upgraded Go version from 1.24.2 to 1.25.5
- Fixes CVE-2025-61729 in crypto/x509 package
- Resolves excessive resource consumption vulnerability in HostnameError.Error()
- CVSS Score: 7.5 (High severity)

This security patch prevents quadratic runtime issues when constructing
error strings with unlimited host printing in x509 certificate validation.
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 5eb7e79586..fb0d4444d2 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/kubernetes-csi/external-provisioner/v5
 
-go 1.24.2
+go 1.25.5
 
 require (
 	github.com/container-storage-interface/spec v1.12.0