Bump Go to 1.25.8 to fix stdlib CVEs (#253)

Shivs11 · claude · Shivs11 · commit 50822b268ee4 · 2026-04-01T11:30:17.000-04:00
## Summary - Bumps Go version from 1.25.7 to 1.25.8 in `go.mod` - Fixes CVE-2026-25679 (High), CVE-2026-27142 (Medium), CVE-2026-27139 (Low) in Go stdlib - Identified via `grype temporalio/temporal-worker-controller:v1.5.0` ## Test plan - [ ] CI passes with Go 1.25.8 - [ ] After merge, cherry-pick to `release/v1.5.1` branch and tag `v1.5.1` 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/temporalio/temporal-worker-controller
 
-go 1.25.7
+go 1.25.8
 
 require (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
diff --git a/go.work b/go.work
@@ -1,4 +1,4 @@
-go 1.25.7
+go 1.25.8
 
 use (
 	.
diff --git a/internal/demo/go.mod b/internal/demo/go.mod
@@ -1,6 +1,6 @@
 module github.com/temporalio/temporal-worker-controller/internal/demo
 
-go 1.25.7
+go 1.25.8
 
 require (
 	github.com/prometheus/client_golang v1.23.0
diff --git a/internal/tests/go.mod b/internal/tests/go.mod
@@ -1,6 +1,6 @@
 module github.com/temporalio/temporal-worker-controller/tests
 
-go 1.25.7
+go 1.25.8
 
 require (
 	github.com/temporalio/temporal-worker-controller v1.0.1

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-go 1.25.7`
	`1`	`+go 1.25.8`
`2`	`2`
`3`	`3`	`use (`
`4`	`4`	`.`