Summary
This release includes security vulnerability remediations and dependency updates.
Security Fixes
This release addresses multiple CVE vulnerabilities:
Go stdlib vulnerabilities:
- Updated Go version to 1.25.9 to address CVE-2026-27140, CVE-2026-32283, CVE-2026-32280, CVE-2026-32281, CVE-2026-32289, CVE-2026-32282, CVE-2026-32288
Dependency vulnerabilities:
- Updated
github.com/hashicorp/go-getterto v1.8.6 (fixes GHSA-92mm-2pjq-r785) - Updated
github.com/go-jose/go-jose/v4to v4.1.4 (fixes GHSA-78h2-9frx-2jm8) - Updated
go.opentelemetry.io/otel/sdkto v1.43.0 (fixes GHSA-hfvc-g4fc-pqhx) - Updated
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstreamto v1.7.8 (fixes GHSA-xmrv-pmrh-hhx2) - Updated
github.com/aws/aws-sdk-go-v2/service/s3to v1.97.3 (fixes GHSA-xmrv-pmrh-hhx2)
Other Changes
- Updated CI workflow Go version to match go.mod