build: use go 1.25 by PascalBourdier · Pull Request #7056 · operator-framework/operator-sdk

PascalBourdier · 2026-03-02T17:36:31Z

to fix CVE issues

cf: #7043

Description of the change:

Motivation for the change:

Checklist

If the pull request includes user-facing changes, extra documentation is required:

Add a new changelog fragment in changelog/fragments (see changelog/fragments/00-template.yaml)
Add or update relevant sections of the docs website in website/content/en/docs

to fix CVE issues cf: operator-framework#7043 Signed-off-by: Pascal Bourdier <pascal.bourdier@gmail.com>

acornett21

one change needs to be rolled back.

acornett21 · 2026-03-03T13:47:18Z

go.mod

-	k8s.io/kubectl v0.33.5
-	k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
-	sigs.k8s.io/controller-runtime v0.21.0
+	k8s.io/api v0.35.1


Updating the go version, shouldn't have any dependency changes. Changing k8s versions is much more involved and a separate process. The dependencies need to be rolled back.

openshift-merge-robot · 2026-03-03T17:44:03Z

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

acornett21 · 2026-03-09T18:23:57Z

@PascalBourdier Thanks for trying to help with these updates, it's appreciated. I closed this PR, since I released the ansible-operator-plugin and need to update/release operator-sdk with these changes.

Just any FYI, everything in /testdata is scaffold-ed content, mainly coming from kubebuilder, with some additional things layered on, so typically those files aren't/can't be edited directly.

openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 2, 2026

PascalBourdier temporarily deployed to deploy March 2, 2026 17:38 — with GitHub Actions Inactive

PascalBourdier had a problem deploying to deploy March 2, 2026 17:38 — with GitHub Actions Failure

PascalBourdier had a problem deploying to deploy March 2, 2026 17:38 — with GitHub Actions Error

build: use go 1.25

5d297fc

to fix CVE issues cf: operator-framework#7043 Signed-off-by: Pascal Bourdier <pascal.bourdier@gmail.com>

PascalBourdier force-pushed the go-1.25 branch from 1cbdbdd to 5d297fc Compare March 3, 2026 11:04

PascalBourdier temporarily deployed to deploy March 3, 2026 11:05 — with GitHub Actions Inactive

acornett21 requested changes Mar 3, 2026

View reviewed changes

openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 3, 2026

acornett21 mentioned this pull request Mar 9, 2026

updating go and dependencies to address cve's #7064

Merged

2 tasks

acornett21 closed this Mar 9, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build: use go 1.25#7056

build: use go 1.25#7056
PascalBourdier wants to merge 1 commit intooperator-framework:masterfrom
PascalBourdier:go-1.25

PascalBourdier commented Mar 2, 2026

Uh oh!

acornett21 left a comment

Uh oh!

acornett21 Mar 3, 2026

Uh oh!

openshift-merge-robot commented Mar 3, 2026

Uh oh!

acornett21 commented Mar 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

PascalBourdier commented Mar 2, 2026

Uh oh!

acornett21 left a comment

Choose a reason for hiding this comment

Uh oh!

acornett21 Mar 3, 2026

Choose a reason for hiding this comment

Uh oh!

openshift-merge-robot commented Mar 3, 2026

Uh oh!

acornett21 commented Mar 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants