From b62623c57019dfda90b019ed4368126c6752b9dd Mon Sep 17 00:00:00 2001
From: Jubril Oyetunji <cyberdev01@protonmail.com>
Date: Mon, 2 Feb 2026 15:22:30 +0100
Subject: [PATCH] security:  resolve CVE-2025-61729 & CVE-2025-47913 via
 package upgrade

---
 Dockerfile_backend    | 2 +-
 Dockerfile_backend_ee | 2 +-
 Dockerfile_drift      | 2 +-
 go.mod                | 2 ++
 go.sum                | 2 ++
 5 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Dockerfile_backend b/Dockerfile_backend
index fb622fe0e..43980968f 100644
--- a/Dockerfile_backend
+++ b/Dockerfile_backend
@@ -1,4 +1,4 @@
-FROM golang:1.25.4 as builder
+FROM golang:1.25.6 as builder
 ARG COMMIT_SHA
 RUN echo "commit sha: ${COMMIT_SHA}"
 
diff --git a/Dockerfile_backend_ee b/Dockerfile_backend_ee
index da5afd389..cf785beff 100644
--- a/Dockerfile_backend_ee
+++ b/Dockerfile_backend_ee
@@ -1,4 +1,4 @@
-FROM golang:1.25.4 as builder
+FROM golang:1.25.6 as builder
 ARG COMMIT_SHA
 RUN echo "commit sha: ${COMMIT_SHA}"
 
diff --git a/Dockerfile_drift b/Dockerfile_drift
index e6e659a94..4806430d2 100644
--- a/Dockerfile_drift
+++ b/Dockerfile_drift
@@ -1,4 +1,4 @@
-FROM golang:1.25.4 AS builder
+FROM golang:1.25.6 AS builder
 ARG COMMIT_SHA
 RUN echo "commit sha: ${COMMIT_SHA}"
 
diff --git a/go.mod b/go.mod
index 53cf30cb2..85a4cfdd8 100644
--- a/go.mod
+++ b/go.mod
@@ -1,3 +1,5 @@
 module github.com/diggerhq/digger
 
 go 1.25.0
+
+require golang.org/x/crypto v0.47.0 // indirect
diff --git a/go.sum b/go.sum
index e69de29bb..1574a8833 100644
--- a/go.sum
+++ b/go.sum
@@ -0,0 +1,2 @@
+golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
+golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=