fix: Upgrade Go to 1.25.6 to address security vulnerabilities (#718)

bjcoombs · web-flow · commit f6df7b3780a0 · 2026-01-29T20:35:57.000Z
Addresses two critical security vulnerabilities found in Go 1.25.5:

- GO-2026-4341: Memory exhaustion in query parameter parsing (net/url)
- GO-2026-4340: TLS handshake messages processed at incorrect encryption level (crypto/tls)

Both vulnerabilities are fixed in Go 1.25.6.

Updated all GitHub Actions workflows to use Go 1.25.6.

Co-authored-by: Ben Coombs &lt;bjcoombs@users.noreply.github.com&gt;
diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml
@@ -27,7 +27,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.5'
+          go-version: '1.25.6'
           cache: true
 
       - name: Set up buf
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -31,7 +31,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.5'
+          go-version: '1.25.6'
           cache: true
 
       - name: Set up buf
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -64,7 +64,7 @@ jobs:
       if: matrix.language == 'go'
       uses: actions/setup-go@v6
       with:
-        go-version: '1.25.5'
+        go-version: '1.25.6'
         cache: true
 
     # Set up buf for protobuf generation (pinned version for reproducibility)
diff --git a/.github/workflows/migrations.yml b/.github/workflows/migrations.yml
@@ -35,7 +35,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.5'
+          go-version: '1.25.6'
           cache: true
 
       - name: Install Atlas CLI
@@ -80,7 +80,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.5'
+          go-version: '1.25.6'
           cache: true
 
       - name: Install Atlas CLI
@@ -241,7 +241,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.5'
+          go-version: '1.25.6'
           cache: true
 
       - name: Install Atlas CLI
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -28,7 +28,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.5'
+          go-version: '1.25.6'
           cache: true
 
       - name: Set up buf
@@ -98,7 +98,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v6
       with:
-        go-version: '1.25.5'
+        go-version: '1.25.6'
         cache: true
 
     - name: Set up buf
diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
@@ -38,7 +38,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.5'
+          go-version: '1.25.6'
           cache: true
 
       - name: Set up buf
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -25,7 +25,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v6
       with:
-        go-version: '1.25.5'
+        go-version: '1.25.6'
         cache: true
 
     - name: Set up buf
@@ -51,7 +51,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v6
       with:
-        go-version: '1.25.5'
+        go-version: '1.25.6'
         cache: true
 
     - name: Set up buf
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -22,7 +22,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.5'
+          go-version: '1.25.6'
           cache: true
 
       - name: Set up buf
