From eeabf62e6bb045732541892fd747d073525f228a Mon Sep 17 00:00:00 2001
From: Naveen Sreeramachandra <naveen.sreeramachandra@broadcom.com>
Date: Wed, 14 Jan 2026 01:38:01 +0000
Subject: [PATCH] Update Go version to 1.25.5 to address CVE-2025-61729

CVE-2025-61729 (GO-2025-4155) is a high-severity vulnerability affecting
Go versions < 1.24.11 and 1.25.0-1.25.4. The vulnerability causes
excessive resource consumption in printing error strings for host
certificate validation.

This commit updates the Go version from 1.25.4 to 1.25.5, which includes
the fix for this CVE.

Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-61729
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index ded7267013..90be41b51c 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module code.cloudfoundry.org/cli/v9
 
-go 1.25.4
+go 1.25.5
 
 require (
 	code.cloudfoundry.org/bytefmt v0.59.0