Skip to content

fix(security): remediate CVE vulnerabilities#325

Merged
ulucinar merged 1 commit intomainfrom
fix/cve-remediation-main-20260225-202243
Feb 25, 2026
Merged

fix(security): remediate CVE vulnerabilities#325
ulucinar merged 1 commit intomainfrom
fix/cve-remediation-main-20260225-202243

Conversation

@ulucinar
Copy link
Copy Markdown
Collaborator

@ulucinar ulucinar commented Feb 25, 2026
edited
Loading

Summary

This PR fixes CVE vulnerabilities identified by security scanning.

Vulnerabilities Fixed

CVE/GHSA Severity Package Fixed Version
CVE-2025-68121 Critical stdlib go1.24.13
CVE-2025-61726 High stdlib go1.24.13
CVE-2025-61731 High stdlib go1.24.13
CVE-2025-61732 High stdlib go1.24.13
CVE-2025-61728 Medium stdlib go1.24.13
CVE-2025-61730 Medium stdlib go1.24.13

Changes Made

  • Updated Go version from 1.24.11 to 1.24.13 in go.mod

References

Verification

  • Rescanned with cve-scan skill after fixes
  • All listed vulnerabilities resolved

@ulucinar
fix(security): remediate CVE vulnerabilities
0ca1ac3 
- Update Go version to 1.24.13 (fixes CVE-2025-68121, CVE-2025-61726,
  CVE-2025-61731, CVE-2025-61732, CVE-2025-61728, CVE-2025-61730)

Signed-off-by: Alper Rifat Ulucinar <ulucinar@users.noreply.github.com>
@ulucinar
Copy link
Copy Markdown
Collaborator Author

ulucinar commented Feb 25, 2026

Build Failure Analysis

Check: e2e-tests
Status: Failed
Analyzed: 2026-02-25T17:30:55Z

Summary

The e2e-tests check failed due to a timeout waiting for the Crossplane deployment to become ready during test initialization.

Root Cause

The test infrastructure (Kind cluster with Crossplane) failed to initialize within the expected time window. The Crossplane deployment and pods did not reach the ready state before the timeout expired. Additionally, GitHub's cache service was unavailable during this run, which may have contributed to the failure.

This is a transient CI infrastructure issue, not a code problem.

Error Details

error: timed out waiting for the condition on deployments/crossplane
error: timed out waiting for the condition on pods/crossplane-548864b989-xglpg
make: *** [build/makelib/local.xpkg.mk:21: local.xpkg.init] Error 1

Recommendation

Retry the failed workflow run. This is a transient infrastructure issue that should resolve on retry.

gh run rerun 22408027298 --failed --repo crossplane-contrib/provider-helm

This analysis was generated by the build-failure-analyze skill.

sergenyalcin
sergenyalcin approved these changes Feb 25, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@sergenyalcin sergenyalcin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @ulucinar LGTM!

@ulucinar ulucinar merged commit 9e411cf into main Feb 25, 2026
10 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sergenyalcin sergenyalcin sergenyalcin approved these changes

@turkenh turkenh Awaiting requested review from turkenh turkenh is a code owner

@lsviben lsviben Awaiting requested review from lsviben lsviben is a code owner

@erhancagirici erhancagirici Awaiting requested review from erhancagirici erhancagirici is a code owner

@turkenf turkenf Awaiting requested review from turkenf turkenf is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ulucinar @sergenyalcin