Fix some CVEs

sonobuoy (gobinary)

Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 0)

┌────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────┬─────────────────────────────────────────────────────────────┐
│          Library           │ Vulnerability  │ Severity │ Status │ Installed Version │    Fixed Version    │                            Title                            │
├────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────┼─────────────────────────────────────────────────────────────┤
│ github.com/sirupsen/logrus │ CVE-2025-65637 │ HIGH     │ fixed  │ v1.9.0            │ 1.8.3, 1.9.1, 1.9.3 │ github.com/sirupsen/logrus: github.com/sirupsen/logrus:     │
│                            │                │          │        │                   │                     │ Denial-of-Service due to large single-line payload          │
│                            │                │          │        │                   │                     │ https://avd.aquasec.com/nvd/cve-2025-65637                  │
├────────────────────────────┼────────────────┤          │        ├───────────────────┼─────────────────────┼─────────────────────────────────────────────────────────────┤
│ stdlib                     │ CVE-2025-61729 │          │        │ v1.24.9           │ 1.24.11, 1.25.5     │ crypto/x509: Excessive resource consumption when printing   │
│                            │                │          │        │                   │                     │ error string for host certificate validation...             │
│                            │                │          │        │                   │                     │ https://avd.aquasec.com/nvd/cve-2025-61729                  │
│                            ├────────────────┼──────────┤        │                   │                     ├─────────────────────────────────────────────────────────────┤
│                            │ CVE-2025-61727 │ MEDIUM   │        │                   │                     │ golang: crypto/x509: excluded subdomain constraint does not │
│                            │                │          │        │                   │                     │ restrict wildcard SANs                                      │
│                            │                │          │        │                   │                     │ https://avd.aquasec.com/nvd/cve-2025-61727                  │
└────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────┴─────────────────────────────────────────────────────────────┘

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>

Author: masap

go.mod

@@ -1,6 +1,6 @@
 module github.com/vmware-tanzu/sonobuoy
 
-go 1.24.9
+go 1.24.11
 
 require (
 	github.com/briandowns/spinner v1.19.0
@@ -11,7 +11,7 @@ require (
 	github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
 	github.com/satori/go.uuid v1.2.1-0.20181028125025-b2ce2384e17b
 	github.com/sethgrid/pester v1.2.0
-	github.com/sirupsen/logrus v1.9.0
+	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.6.1
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.18.0

go.sum

@@ -168,8 +168,8 @@ github.com/satori/go.uuid v1.2.1-0.20181028125025-b2ce2384e17b h1:gQZ0qzfKHQIybL
 github.com/satori/go.uuid v1.2.1-0.20181028125025-b2ce2384e17b/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sethgrid/pester v1.2.0 h1:adC9RS29rRUef3rIKWPOuP1Jm3/MmB6ke+OhE5giENI=
 github.com/sethgrid/pester v1.2.0/go.mod h1:hEUINb4RqvDxtoCaU0BNT/HV4ig5kfgOasrf1xcvr0A=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=

scripts/build_funcs.sh

@@ -31,7 +31,7 @@ IMAGE_BRANCH=$(git rev-parse --abbrev-ref HEAD | sed 's/\///g')
 GIT_REF_LONG=$(git rev-parse --verify HEAD)
 
 BUILDMNT=/go/src/$GOTARGET
-BUILD_IMAGE=golang:1.24.9
+BUILD_IMAGE=golang:1.24.11
 AMD_IMAGE=gcr.io/distroless/static:nonroot
 ARM_IMAGE=gcr.io/distroless/static:nonroot-arm64
 PPC64LE_IMAGE=gcr.io/distroless/static:nonroot-ppc64le

test/integration/testImage/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.24.9 AS base
+FROM golang:1.24.11 AS base
 WORKDIR /src
 
 # Handle the go modules first to take advantage of Docker cache.