From cb0439c39b1407b2d36341af7026ab516620bf6c Mon Sep 17 00:00:00 2001
From: Patrick Zhan <patrick.zhan@tigera.io>
Date: Wed, 13 May 2026 14:36:00 -0700
Subject: [PATCH] [CVE] Bump Go to 1.25.10 / GO_BUILD_VER on release-v1.42

Picks up Go 1.25.10 to address CVE-2026-27143 (critical) and five
high-severity stdlib CVEs flagged in the v3.23 hashrelease scans of
the operator image. Matches the calico-private release-calient-v3.23
bump merged as tigera/calico-private#11858.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 Makefile   | 2 +-
 api/go.mod | 2 +-
 go.mod     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index f22ded40e0..d57fd765d5 100644
--- a/Makefile
+++ b/Makefile
@@ -101,7 +101,7 @@ endif
 REPO?=tigera/operator
 PACKAGE_NAME?=github.com/tigera/operator
 LOCAL_USER_ID?=$(shell id -u $$USER)
-GO_BUILD_VER?=1.25.9-llvm18.1.8-k8s1.35.4
+GO_BUILD_VER?=1.25.10-llvm18.1.8-k8s1.35.4
 CALICO_BASE_VER ?= ubi9-1771532994
 CALICO_BUILD?=calico/go-build:$(GO_BUILD_VER)-$(BUILDARCH)
 CALICO_BASE ?= calico/base:$(CALICO_BASE_VER)
diff --git a/api/go.mod b/api/go.mod
index a266ccb8c2..104f1864dc 100644
--- a/api/go.mod
+++ b/api/go.mod
@@ -1,6 +1,6 @@
 module github.com/tigera/operator/api
 
-go 1.25.9
+go 1.25.10
 
 require (
 	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.80.1
diff --git a/go.mod b/go.mod
index 38859ca66e..e06c528830 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/tigera/operator
 
-go 1.25.9
+go 1.25.10
 
 require (
 	github.com/Masterminds/semver/v3 v3.4.0