Skip to content

ci: Update Go Version to v1.25.7#5529

Merged
blewis12 merged 2 commits intomainfrom
blewis12/update-go-to-v1.25.7
Feb 13, 2026
Merged

ci: Update Go Version to v1.25.7#5529
blewis12 merged 2 commits intomainfrom
blewis12/update-go-to-v1.25.7

Conversation

@blewis12
Copy link
Member

@blewis12 blewis12 commented Feb 13, 2026
edited
Loading

A follow up to #5525

Should also fix CVE-2025-68121

@blewis12 blewis12 requested a review from a team as a code owner February 13, 2026 08:52
@github-actions
Copy link
Contributor

github-actions bot commented Feb 13, 2026
edited
Loading

🔍 Dependency Review

No third-party module dependency versions changed in any go.mod file. The only go.mod changes are to the Go toolchain directive.

Go toolchain: 1.25.6 → 1.25.7 (root, collector/, extension/alloyengine/, syntax/)

Status: ✅ Safe

Scope:

  • go directives updated in:
    • ./go.mod
    • ./collector/go.mod
    • ./extension/alloyengine/go.mod
    • ./syntax/go.mod

Impact assessment:

  • This is a patch update of the Go toolchain. Patch releases follow Go’s compatibility promise and are intended to include bug/security fixes without requiring code changes.
  • No module requirements or versions changed; no public APIs from dependencies changed.

Code changes required:

  • None.

Build/CI consistency:

  • Dockerfiles and CI utilize matching Go 1.25.7 images, which aligns with the go directive changes.

References:

Notes

  • No module dependency updates were detected in go.mod files; CI/container image tag updates and Go patch-level bumps were outside the scope of dependency API review.

@kalleep
Copy link
Contributor

kalleep commented Feb 13, 2026

You also need to update GHA to use new build image. And there is a bunch of other places we we can just update the version. See https://github.com/grafana/alloy/pull/5286/changes as a template

@blewis12 blewis12 added the backport/v1.13 Backport to release/v1.13 label Feb 13, 2026
@blewis12 blewis12 merged commit b42f2f8 into main Feb 13, 2026
58 checks passed
@blewis12 blewis12 deleted the blewis12/update-go-to-v1.25.7 branch February 13, 2026 11:18
grafana-alloybot bot pushed a commit that referenced this pull request Feb 13, 2026
@blewis12 @grafana-alloybot
ci: Update Go Version to v1.25.7 (#5529)
72df4d3 
A follow up to #5525

Should also fix
[CVE-2025-68121](https://ops.grafana-ops.net/a/grafana-vulnerabilityobs-app/cves/details/CVE-2025-68121)

(cherry picked from commit b42f2f8)
@grafana-alloybot grafana-alloybot bot mentioned this pull request Feb 13, 2026
Merged
kalleep pushed a commit that referenced this pull request Feb 13, 2026
@grafana-alloybot @blewis12
ci: Update Go Version to v1.25.7 [backport] (#5532)
c5bae26 
## Backport of #5529

This PR backports #5529 to release/v1.13.

### Original PR Author
@blewis12

### Description
A follow up to #5525

Should also fix
[CVE-2025-68121](https://ops.grafana-ops.net/a/grafana-vulnerabilityobs-app/cves/details/CVE-2025-68121)

---
*This backport was created automatically.*

Co-authored-by: Bejal Lewis <164711649+blewis12@users.noreply.github.com>
matt-gp pushed a commit to matt-gp/alloy that referenced this pull request Feb 13, 2026
@blewis12 @matt-gp
ci: Update Go Version to v1.25.7 (grafana#5529)
a4a0108 
A follow up to grafana#5525

Should also fix
[CVE-2025-68121](https://ops.grafana-ops.net/a/grafana-vulnerabilityobs-app/cves/details/CVE-2025-68121)
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 28, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@kalleep kalleep kalleep approved these changes

Assignees

No one assigned

Labels

backport/v1.13 Backport to release/v1.13 frozen-due-to-age

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@blewis12 @kalleep