Skip to content

Update golang to 1.24.6 (main)#3052

Merged
simonbaird merged 4 commits into
conforma:mainfrom
simonbaird:update-golang-main
Dec 9, 2025
Merged

Update golang to 1.24.6 (main)#3052
simonbaird merged 4 commits into
conforma:mainfrom
simonbaird:update-golang-main

Conversation

@simonbaird

@simonbaird simonbaird commented Dec 8, 2025

Copy link
Copy Markdown
Member

PR Type

Enhancement


Description

  • Update Go version from 1.24.4 to 1.24.6 across all modules

  • Update ubi-minimal base image to latest digest

  • Synchronize Go version in tool-versions, Dockerfile, and all go.mod files


Diagram Walkthrough

flowchart LR
  A["Go 1.24.4"] -- "upgrade" --> B["Go 1.24.6"]
  C["ubi-minimal old digest"] -- "update" --> D["ubi-minimal new digest"]
  B --> E["Updated files"]
  D --> E
  E --> F["Dockerfile, go.mod files, tool-versions"]
Loading

File Walkthrough

Relevant files
Dependencies
.tool-versions
Update Go version in tool-versions                                             

.tool-versions

  • Update Go version from 1.24.4 to 1.24.6
+1/-1     
Dockerfile
Update Go and ubi-minimal versions                                             

Dockerfile

  • Update Go base image from 1.24.4 to 1.24.6
  • Update ubi-minimal base image digest to latest version
+2/-2     
Dockerfile.dist
Update ubi-minimal base image digest                                         

Dockerfile.dist

  • Update ubi-minimal base image digest to latest version
+1/-1     
go.mod
Update Go version in acceptance module                                     

acceptance/go.mod

  • Update Go version from 1.24.4 to 1.24.6
+1/-1     
go.mod
Update Go version in main module                                                 

go.mod

  • Update Go version from 1.24.4 to 1.24.6
+1/-1     
go.mod
Update Go version in tools module                                               

tools/go.mod

  • Update Go version from 1.24.4 to 1.24.6
+1/-1     
go.mod
Update Go version in kubectl tools module                               

tools/kubectl/go.mod

  • Update Go version from 1.24.4 to 1.24.6
+1/-1     

@qodo-code-review

qodo-code-review Bot commented Dec 8, 2025

Copy link
Copy Markdown
Contributor

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No runtime logging: The changes only update toolchain and base image versions without adding or modifying any
application logic, so there is no evidence in this diff that critical actions are logged.

Referred Code
FROM docker.io/library/golang:1.24.6 AS build

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
No error paths: The diff only updates Go versions and base image digests, with no new executable code
where errors would be handled, so compliance cannot be determined from this change.

Referred Code
FROM docker.io/library/golang:1.24.6 AS build

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
No user errors: No user-facing error handling is introduced or modified in this diff, so it is not
possible to assess exposure of internal details from the changes shown.

Referred Code
FROM registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:6fc28bcb6776e387d7a35a2056d9d2b985dc4e26031e98a2bd35a7137cd6fd71

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status:
No logging context: The PR only updates tooling versions and base images without touching logging code, so we
cannot verify structured, non-sensitive logging from the provided changes.

Referred Code
golang 1.24.6

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
No input handling: Since the diff only upgrades Go versions and the base image digest, there is no new input
handling to assess for validation, sanitization, or secure data processing.

Referred Code
FROM registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:6fc28bcb6776e387d7a35a2056d9d2b985dc4e26031e98a2bd35a7137cd6fd71

Learn more about managing compliance generic rules or creating your own custom rules

  • Update
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review

qodo-code-review Bot commented Dec 8, 2025

Copy link
Copy Markdown
Contributor

PR Code Suggestions ✨

No code suggestions found for the PR.

simonbaird and others added 4 commits December 8, 2025 16:44
Updated ImageReferenceInStubRegistry function to accept a pre-composed
string instead of format string + args to comply with Go 1.24.6's
stricter format string validation that prevents format string injection
vulnerabilities.

See also commit 9a8c021 in
release-v0.6 branch which is similar, and also
12e1018 in release-v0.7 branch.

Co-authored-by: Claude Code <noreply@anthropic.com>
The previous commit fixes the thing that the linter didn't like.
@codecov

codecov Bot commented Dec 8, 2025

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag Coverage Δ
acceptance 55.53% <ø> (ø)
generative 19.01% <ø> (ø)
integration 27.89% <ø> (ø)
unit 67.57% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@simonbaird

Copy link
Copy Markdown
Member Author

/retest

@robnester-rh robnester-rh left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@st3penta st3penta left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@simonbaird simonbaird merged commit 048da8f into conforma:main Dec 9, 2025
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants