fix(security): remediate CVE vulnerabilities #200

Merged
bobh66 merged 3 commits into release-0.6 from fix/cve-remediation-release-0.6-20260521-223634 on May 22, 2026

Conversation

@ulucinar
Collaborator

Summary

This PR fixes CVE vulnerabilities identified by security scanning.

Vulnerabilities Fixed

CVE/GHSA        Severity  Package  Fixed Version
CVE-2026-39820  High      stdlib   go1.25.10
CVE-2026-42499  High      stdlib   go1.25.10
CVE-2026-39836  High      stdlib   go1.25.10
CVE-2026-33814  High      stdlib   go1.25.10
CVE-2026-33811  High      stdlib   go1.25.10
CVE-2026-42501  High      stdlib   go1.25.10
CVE-2026-39817  Medium    stdlib   go1.25.10
CVE-2026-39826  Medium    stdlib   go1.25.10
CVE-2026-39825  Medium    stdlib   go1.25.10
CVE-2026-39823  Medium    stdlib   go1.25.10
CVE-2026-39819  Medium    stdlib   go1.25.10

Changes Made

  • Updated Go version from 1.25.9 to 1.25.10 in `go.mod`
  • Ran `go mod tidy` to update `go.sum`
  • Updated `GO_VERSION` from '1.25.9' to '1.25.10' in `.github/workflows/ci.yml`

References

Verification

  • Rescanned with `cve-scan` skill after fixes
  • All listed vulnerabilities resolved

- Update Go version to 1.25.10 (fixes CVE-2026-39820, CVE-2026-42499,
  CVE-2026-39836, CVE-2026-33814, CVE-2026-33811, CVE-2026-42501,
  CVE-2026-39817, CVE-2026-39826, CVE-2026-39825, CVE-2026-39823,
  CVE-2026-39819)
- Update GO_VERSION in CI workflow to match

Signed-off-by: Alper Rifat Ulucinar <ulucinar@users.noreply.github.com>
@ulucinar
Collaborator Author

Build Failure Analysis

Check: build (amd64)
Status: Failed
Analyzed: 2026-05-21T22:42:00Z

Summary

The build job failed during the "Setup the Crossplane CLI" step. The Crossplane CLI installation could not find version "current" on channel "master".

Root Cause

The workflow is configured with XP_VERSION: current and XP_CHANNEL: master, but this version is not available or no longer exists on the master channel. The Crossplane CLI installation script failed to download the requested version.

Error Details

Failed to download Crossplane CLI. Please make sure version current exists on channel master.
##[error]Process completed with exit code 1.

Recommendation

Update the CI workflow to use the stable channel with a stable version. Change .github/workflows/ci.yml:

  • XP_CHANNEL: master → XP_CHANNEL: stable
  • XP_VERSION: current → XP_VERSION: stable (or a specific version like v1.18.2)

This requires a code fix and will be addressed in the remediation plan.


This analysis was generated by the build-failure-analyze skill.

The 'current' version is no longer available on the 'master' channel.
Update to use the 'stable' channel with 'stable' version to get the
latest stable Crossplane CLI release.

Signed-off-by: Alper Rifat Ulucinar <ulucinar@users.noreply.github.com>
@ulucinar
Collaborator Author

Build Failure Analysis

Check: build (amd64)
Status: Failed
Analyzed: 2026-05-21T23:13:00Z

Summary

The build job failed during the "Setup the Crossplane CLI" step. The Crossplane CLI installation cannot find a version called "stable" on the stable channel.

Root Cause

The workflow is configured with XP_VERSION: stable, but "stable" is not a valid version value for the Crossplane CLI installation script. The script expects either:

  • A specific version number (e.g., v1.18.2)
  • An empty string to get the latest version from the channel

Using "stable" as the version value causes the installation to fail.

Error Details

Failed to download Crossplane CLI. Please make sure version stable exists on channel stable.
##[error]Process completed with exit code 1.

Recommendation

Update .github/workflows/ci.yml to use an empty string for XP_VERSION:

XP_CHANNEL: stable
XP_VERSION: ''

This requires a code fix and will be addressed in the remediation plan.


This analysis was generated by the build-failure-analyze skill.

The value 'stable' is not a valid version. Use an empty string to get
the latest version from the stable channel.

Signed-off-by: Alper Rifat Ulucinar <ulucinar@users.noreply.github.com>
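The thread above fixes two workflow settings by hand: the PR description bumps the Go version in go.mod and mirrors it into GO_VERSION in .github/workflows/ci.yml, and the two build-failure analyses correct XP_CHANNEL/XP_VERSION until the Crossplane CLI install step accepts them. The script below is an added example, not code from this PR or the provider repository, of a pre-merge lint that catches both classes of drift before CI does. It assumes go.mod carries a plain "go X.Y.Z" directive, that ci.yml sets GO_VERSION, XP_CHANNEL and XP_VERSION as simple scalar env values, and that the install script accepts exactly what the second analysis describes (an empty XP_VERSION or a release tag such as v1.18.2); the sample go.mod and workflow files it writes are constructed to mirror the before and after states of this PR.

```shell
#!/bin/sh
# Added example (not the project's code): lint the CI workflow settings this PR
# touched. Assumptions: go.mod has a "go X.Y.Z" directive; ci.yml has scalar env
# values GO_VERSION, XP_CHANNEL, XP_VERSION; the Crossplane CLI install step
# accepts XP_VERSION as either empty (latest on the channel) or a vX.Y.Z tag.

# Print the version from the "go" directive of the go.mod given as $1.
gomod_go_version() {
  sed -n 's/^go[[:space:]]\{1,\}\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Print the scalar value of env key $2 in workflow file $1, with surrounding
# single or double quotes removed (so XP_VERSION: '' yields an empty string).
workflow_env_value() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 \
    | sed "s/^['\"]//; s/['\"]\$//"
}

# Lint go.mod ($1) against ci.yml ($2). Prints one line per finding and
# returns 1 if anything is wrong, 0 if the workflow is consistent.
lint_ci() {
  rc=0
  want=$(gomod_go_version "$1")
  have=$(workflow_env_value "$2" GO_VERSION)
  if [ "$want" != "$have" ]; then
    echo "GO_VERSION ($have) does not match the go.mod go directive ($want)"
    rc=1
  fi
  ch=$(workflow_env_value "$2" XP_CHANNEL)
  case "$ch" in
    stable|master) ;;
    *) echo "XP_CHANNEL '$ch' is neither stable nor master"; rc=1 ;;
  esac
  ver=$(workflow_env_value "$2" XP_VERSION)
  if [ -n "$ver" ] && ! printf '%s\n' "$ver" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
    echo "XP_VERSION '$ver' is neither empty nor a release tag like v1.18.2"
    rc=1
  fi
  return $rc
}

# Constructed sample inputs: a go.mod at the post-fix Go version plus a
# workflow in the PR's pre-fix state (before/) and final state (after/).
# Prints the temporary directory that holds them.
make_samples() {
  d=$(mktemp -d)
  printf 'module example.com/provider\n\ngo 1.25.10\n' > "$d/go.mod"
  mkdir -p "$d/before" "$d/after"
  cat > "$d/before/ci.yml" <<'EOF'
env:
  GO_VERSION: '1.25.9'
  XP_CHANNEL: master
  XP_VERSION: current
EOF
  cat > "$d/after/ci.yml" <<'EOF'
env:
  GO_VERSION: '1.25.10'
  XP_CHANNEL: stable
  XP_VERSION: ''
EOF
  echo "$d"
}

# Usage: sh lint_ci.sh go.mod .github/workflows/ci.yml
if [ $# -eq 2 ]; then
  lint_ci "$1" "$2"
fi
```

Run against the real tree as `sh lint_ci.sh go.mod .github/workflows/ci.yml` and wire it into a pre-commit hook or an early CI job; on the pre-fix state it reports the GO_VERSION mismatch and the non-tag XP_VERSION value, and on the merged state it is silent and exits 0. The XP_VERSION rule encodes what the second analysis observed about the install script rather than any documented contract, so widen the pattern if the script starts accepting other spellings.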
@bobh66 bobh66 merged commit ee1161b into release-0.6 May 22, 2026
6 checks passed