updating go and dependencies to address cve's by acornett21 · Pull Request #7064 · operator-framework/operator-sdk

acornett21 · 2026-03-09T17:23:05Z

Description of the change:

Fixes: Golang version needs to be updated for CVEs #7043
Fixes: Vulnerability in operator-sdk project #7042
Fixes: DefaultInitImage needs updating #7044
Closes: build: use go 1.25 #7056
Closes: chore: use ubi 9.7 #7057

Motivation for the change:

Checklist

If the pull request includes user-facing changes, extra documentation is required:

Add a new changelog fragment in changelog/fragments (see changelog/fragments/00-template.yaml)
Add or update relevant sections of the docs website in website/content/en/docs

Signed-off-by: Adam D. Cornett <adc@redhat.com>

openshift-ci bot requested review from joelanford and oceanc80 March 9, 2026 17:23

acornett21 temporarily deployed to deploy March 9, 2026 17:23 — with GitHub Actions Inactive

acornett21 had a problem deploying to deploy March 9, 2026 17:23 — with GitHub Actions Failure

acornett21 had a problem deploying to deploy March 9, 2026 17:23 — with GitHub Actions Error

acornett21 added 4 commits March 9, 2026 10:29

updating ansible operator dependency, updating to go 1.25.7

6804191

Signed-off-by: Adam D. Cornett <adc@redhat.com>

updating go-git to address CVE-2026-25934

857f4c2

Signed-off-by: Adam D. Cornett <adc@redhat.com>

updating fulcio to address CVE-2025-66506

39187f9

Signed-off-by: Adam D. Cornett <adc@redhat.com>

updating sigstore to address CVE-2026-24137

42500c0

Signed-off-by: Adam D. Cornett <adc@redhat.com>

acornett21 force-pushed the update_deps branch from 44d5209 to 42500c0 Compare March 9, 2026 17:30

acornett21 temporarily deployed to deploy March 9, 2026 17:31 — with GitHub Actions Inactive

acornett21 temporarily deployed to deploy March 9, 2026 17:38 — with GitHub Actions Inactive

updating rest of the UBI images to 9.7

cad6d67

Signed-off-by: Adam D. Cornett <adc@redhat.com>

acornett21 force-pushed the update_deps branch from ac600f4 to cad6d67 Compare March 9, 2026 17:47

acornett21 temporarily deployed to deploy March 9, 2026 17:48 — with GitHub Actions Inactive

acornett21 changed the title ~~Update deps~~ updating go and dependencies to address cve's Mar 9, 2026

acornett21 merged commit d30cc01 into operator-framework:master Mar 9, 2026
22 of 23 checks passed

github-actions bot mentioned this pull request Mar 10, 2026

[operator-framework/operator-sdk] v1.42.1 vdemeester/chapeau-rouge#328

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

updating go and dependencies to address cve's#7064

updating go and dependencies to address cve's#7064
acornett21 merged 5 commits intooperator-framework:masterfrom
acornett21:update_deps

acornett21 commented Mar 9, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

acornett21 commented Mar 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

acornett21 commented Mar 9, 2026 •

edited

Loading