diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index d2a84637db09..59bf28de5215 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -37,7 +37,7 @@ jobs: uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 with: # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: v2.1.0 + version: v2.5.0 # Give the job more time to execute. # Regarding `--whole-files`, the linter is supposed to support linting of changed a patch only but, diff --git a/.go-version b/.go-version index d6c68ad2d09b..26a9e99b38be 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.24.11 +1.25.4 diff --git a/NOTICE.txt b/NOTICE.txt index 0cb7accf8902..a312d9e2d1d9 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -16509,11 +16509,11 @@ Contents of probable licence file $GOMODCACHE/github.com/gomodule/redigo@v1.9.2/ -------------------------------------------------------------------------------- Dependency : github.com/google/cel-go -Version: v0.25.0 +Version: v0.26.1 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/google/cel-go@v0.25.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/google/cel-go@v0.26.1/LICENSE: Apache License diff --git a/auditbeat/Dockerfile b/auditbeat/Dockerfile index 765741b5967e..769fc2fa56b2 100644 --- a/auditbeat/Dockerfile +++ b/auditbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.24.11-bookworm +FROM golang:1.25.4-bookworm RUN \ apt-get update \ diff --git a/changelog/fragments/1760385532-bump-golang-1.25.4.yaml b/changelog/fragments/1760385532-bump-golang-1.25.4.yaml new file mode 100644 index 000000000000..58838a7ad79c --- /dev/null +++ b/changelog/fragments/1760385532-bump-golang-1.25.4.yaml 
@@ -0,0 +1,32 @@ +# Kind can be one of: +# - breaking-change: a change to previously-documented behavior +# - deprecation: functionality that is being removed in a later release +# - bug-fix: fixes a problem in a previous version +# - enhancement: extends functionality but does not break or fix existing behavior +# - feature: new functionality +# - known-issue: problems that we are aware of in a given version +# - security: impacts on the security of a product or a user’s deployment. +# - upgrade: important information for someone upgrading from a prior version +# - other: does not fit into any of the other categories +kind: other + +# Change summary; a 80ish characters long description of the change. +summary: Update Go to 1.25.4 + +# Long description; in case the summary is not enough to describe the change +# this field accommodate a description without length limits. +# NOTE: This field will be rendered only for breaking-change and known-issue kinds at the moment. +#description: + +# Affected component; usually one of "elastic-agent", "fleet-server", "filebeat", "metricbeat", "auditbeat", "all", etc. +component: all + +# PR URL; optional; the PR number that added the changeset. +# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added. +# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number. +# Please provide it if you are adding a fragment for a different PR. +#pr: https://github.com/owner/repo/1234 + +# Issue URL; optional; the GitHub issue related to this changeset (either closes or is part of). +# If not present is automatically filled by the tooling with the issue linked to the PR number. +#issue: https://github.com/owner/repo/1234 diff --git a/dev-tools/kubernetes/filebeat/Dockerfile.debug b/dev-tools/kubernetes/filebeat/Dockerfile.debug index 9a457675d413..2af090c81ba0 100644 --- a/dev-tools/kubernetes/filebeat/Dockerfile.debug 
+++ b/dev-tools/kubernetes/filebeat/Dockerfile.debug @@ -1,4 +1,4 @@ -FROM golang:1.24.11-bookworm as builder +FROM golang:1.25.4-bookworm as builder ENV PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/go/bin:/usr/local/go/bin diff --git a/dev-tools/kubernetes/heartbeat/Dockerfile.debug b/dev-tools/kubernetes/heartbeat/Dockerfile.debug index 8936e7691466..d62210efd48a 100644 --- a/dev-tools/kubernetes/heartbeat/Dockerfile.debug +++ b/dev-tools/kubernetes/heartbeat/Dockerfile.debug @@ -1,4 +1,4 @@ -FROM golang:1.24.11-bookworm as builder +FROM golang:1.25.4-bookworm as builder ENV PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/go/bin:/usr/local/go/bin diff --git a/dev-tools/kubernetes/metricbeat/Dockerfile.debug b/dev-tools/kubernetes/metricbeat/Dockerfile.debug index e484ff2fb4df..95fd00aac058 100644 --- a/dev-tools/kubernetes/metricbeat/Dockerfile.debug +++ b/dev-tools/kubernetes/metricbeat/Dockerfile.debug @@ -1,4 +1,4 @@ -FROM golang:1.24.11-bookworm as builder +FROM golang:1.25.4-bookworm as builder ENV PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/go/bin:/usr/local/go/bin diff --git a/dev-tools/mage/fips-settings.yaml b/dev-tools/mage/fips-settings.yaml index 8588bf64528f..21939d9ec20b 100644 --- a/dev-tools/mage/fips-settings.yaml +++ b/dev-tools/mage/fips-settings.yaml @@ -11,7 +11,6 @@ compile: MS_GOTOOLCHAIN_TELEMETRY_ENABLED: "0" tags: - requirefips - - ms_tls13kdf platforms: # If the platform list changes, update the platforms for FIPS packaging in CI pipelines '.buildkite/**/pipeline..yml' and '.buildkite/packaging-pipeline.yml' - linux/amd64 diff --git a/dev-tools/mage/gotest.go b/dev-tools/mage/gotest.go index 720b57cd6a9e..301e3045e904 100644 --- a/dev-tools/mage/gotest.go +++ b/dev-tools/mage/gotest.go 
@@ -127,7 +127,7 @@ func fetchGoPackages(module string) ([]string, error) { // testTagsFromEnv gets a list of comma-separated tags from the TEST_TAGS // environment variables, e.g: TEST_TAGS=aws,azure. -// If the FIPS env var is set to true, the requirefips and ms_tls13kdf tags are injected. +// If the FIPS env var is set to true, the requirefips tag is injected. func testTagsFromEnv() []string { testTags := strings.Trim(os.Getenv("TEST_TAGS"), ", ") var tags []string @@ -135,7 +135,7 @@ func testTagsFromEnv() []string { tags = strings.Split(testTags, ",") } if FIPSBuild { - tags = append(tags, "requirefips", "ms_tls13kdf") + tags = append(tags, "requirefips") } return tags } @@ -148,7 +148,13 @@ func DefaultGoTestUnitArgs() GoTestArgs { return makeGoTestArgs("Unit") } // fips140=only unit tests. func DefaultGoFIPSOnlyTestArgs() GoTestArgs { args := makeGoTestArgs("Unit-FIPS-only") - args.Env["GODEBUG"] = "fips140=only" + + // We also set GODEBUG=tlsmlkem=0 to disable the X25519MLKEM768 TLS key + // exchange mechanism; without this setting and with the GODEBUG=fips140=only + // setting, we get errors in tests like so: + // Failed to connect: crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode + // Note that we are only disabling this TLS key exchange mechanism in tests! + args.Env["GODEBUG"] = "fips140=only,tlsmlkem=0" return args } 
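Review bot: The GODEBUG value `fips140=only,tlsmlkem=0` and its five-line explanation are copied verbatim into `DefaultGoFIPSOnlyTestArgs` here, into `FIPSOnlyGoTestIntegrationFromHostArgs` in the next hunk, and into the `GoFIPSOnlyIntegTest` targets of metricbeat/magefile.go and x-pack/metricbeat/magefile.go, so the four copies can drift apart. An exported constant in this package, for example `const FIPSOnlyGODEBUG = "fips140=only,tlsmlkem=0"`, carrying the comment once, would keep them aligned. The comment should also state that with `tlsmlkem=0` the FIPS-only suites no longer exercise the default TLS key-exchange list, so the X25519 error it quotes would go unnoticed by these tests if it can also occur in a shipped FIPS build. Whether it can depends on the production toolchain and its settings, which this hunk does not show.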
@@ -211,7 +217,13 @@ func FIPSOnlyGoTestIntegrationFromHostArgs(ctx context.Context) GoTestArgs { args := DefaultGoTestIntegrationArgs(ctx) args.Tags = append(args.Tags, "requirefips") args.Env = WithGoIntegTestHostEnv(args.Env) - args.Env["GODEBUG"] = "fips140=only" + + // We also set GODEBUG=tlsmlkem=0 to disable the X25519MLKEM768 TLS key + // exchange mechanism; without this setting and with the GODEBUG=fips140=only + // setting, we get errors in tests like so: + // Failed to connect: crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode + // Note that we are only disabling this TLS key exchange mechanism in tests! + args.Env["GODEBUG"] = "fips140=only,tlsmlkem=0" return args } diff --git a/dev-tools/packaging/package_test.go b/dev-tools/packaging/package_test.go index 3473dfeb84c6..fb9cb0f167ec 100644 --- a/dev-tools/packaging/package_test.go +++ b/dev-tools/packaging/package_test.go @@ -842,7 +842,6 @@ func checkFIPS(t *testing.T, beatName, path string) { case "-tags": foundTags = true require.Contains(t, setting.Value, "requirefips") - require.Contains(t, setting.Value, "ms_tls13kdf") continue case "GOEXPERIMENT": foundExperiment = true diff --git a/filebeat/magefile.go b/filebeat/magefile.go index fe7ec93a5dba..8317b4e1bc3a 100644 --- a/filebeat/magefile.go +++ b/filebeat/magefile.go @@ -25,6 +25,7 @@ import ( "time" "github.com/magefile/mage/mg" + "github.com/magefile/mage/sh" devtools "github.com/elastic/beats/v7/dev-tools/mage" "github.com/elastic/beats/v7/dev-tools/mage/target/build" 
@@ -202,6 +203,16 @@ func GoIntegTest(ctx context.Context) error { // GoFIPSOnlyIntegTest starts the docker containers and executes the Go integration tests with GODEBUG=fips140=only set. func GoFIPSOnlyIntegTest(ctx context.Context) error { mg.Deps(BuildSystemTestBinary) + + // We pre-cache go module dependencies before running the unit tests with + // GODEBUG=fips140=only. Otherwise, the command that runs the unit tests + // will try to download the dependencies and could fail because the TLS + // negotiation with the Go module proxy could use a non-FIPS compliant + // key exchange protocol, e.g. X25519. + if err := sh.RunV(mg.GoCmd(), "mod", "download"); err != nil { + return err + } + return devtools.GoIntegTestFromHost(ctx, devtools.FIPSOnlyGoTestIntegrationFromHostArgs(ctx)) } diff --git a/go.mod b/go.mod index 384e45551d62..54e1f25dfa3e 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/elastic/beats/v7 -go 1.24.11 +go 1.25.4 require ( cloud.google.com/go/bigquery v1.69.0 @@ -188,7 +188,7 @@ require ( github.com/go-resty/resty/v2 v2.17.0 github.com/gofrs/uuid/v5 v5.3.2 github.com/golang-jwt/jwt/v5 v5.3.0 - github.com/google/cel-go v0.25.0 + github.com/google/cel-go v0.26.1 github.com/googleapis/gax-go/v2 v2.15.0 github.com/gorilla/handlers v1.5.1 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 diff --git a/go.sum b/go.sum index e93585742a1e..ae94a4c51cb6 100644 --- a/go.sum +++ b/go.sum 
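Review bot: The new comment in `GoFIPSOnlyIntegTest` says the modules are pre-cached before "the unit tests", but this target runs the integration tests; the first line should read `// We pre-cache go module dependencies before running the integration tests with`. The `go mod download` error is returned bare, so a proxy or network failure gives no hint of which step failed; `return fmt.Errorf("pre-caching go modules: %w", err)` would fix that, provided `fmt` is imported in this file (the import block is only partly visible). The download deliberately runs outside FIPS-only mode, so the comment could add that module integrity still rests on go.sum verification. The metricbeat and x-pack/metricbeat `GoFIPSOnlyIntegTest` targets changed in this commit do not get the same pre-cache step, so on a cold module cache they may still hit the module-proxy TLS failure described here.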
@@ -575,8 +575,8 @@ github.com/golang/snappy v1.0.0 h1:Oy607GVXHs7RtbggtPBnr2RmDArIsAefDwvrdWvRhGs= github.com/golang/snappy v1.0.0/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/gomodule/redigo v1.9.2 h1:HrutZBLhSIU8abiSfW8pj8mPhOyMYjZT/wcA4/L9L9s= github.com/gomodule/redigo v1.9.2/go.mod h1:KsU3hiK/Ay8U42qpaJk+kuNa3C+spxapWpM+ywhcgtw= -github.com/google/cel-go v0.25.0 h1:jsFw9Fhn+3y2kBbltZR4VEz5xKkcIFRPDnuEzAGv5GY= -github.com/google/cel-go v0.25.0/go.mod h1:hjEb6r5SuOSlhCHmFoLzu8HGCERvIsDAbxDAyNU/MmI= +github.com/google/cel-go v0.26.1 h1:iPbVVEdkhTX++hpe3lzSk7D3G3QSYqLGoHOcEio+UXQ= +github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= github.com/google/flatbuffers v25.2.10+incompatible h1:F3vclr7C3HpB1k9mxCGRMXq6FdUalZ6H/pNX4FP1v0Q= github.com/google/flatbuffers v25.2.10+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= diff --git a/heartbeat/Dockerfile b/heartbeat/Dockerfile index 582f185cf6f8..ef290b488ceb 100644 --- a/heartbeat/Dockerfile +++ b/heartbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.24.11-bookworm +FROM golang:1.25.4-bookworm RUN \ apt-get update \ diff --git a/heartbeat/hbtest/hbtestutil.go b/heartbeat/hbtest/hbtestutil.go index 74cc99648140..50588a7aac86 100644 --- a/heartbeat/hbtest/hbtestutil.go +++ b/heartbeat/hbtest/hbtestutil.go @@ -212,7 +212,7 @@ func ResolveChecks(ip string) validator.Validator { func SimpleURLChecks(t *testing.T, scheme string, host string, port uint16) validator.Validator { hostPort := host if port != 0 { - hostPort = fmt.Sprintf("%s:%d", host, port) + hostPort = net.JoinHostPort(host, strconv.Itoa(int(port))) } u, err := url.Parse(fmt.Sprintf("%s://%s", scheme, hostPort)) diff --git a/heartbeat/monitors/active/http/http_test.go b/heartbeat/monitors/active/http/http_test.go index de786fba2862..460acf35f4f2 100644 
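Review bot: `SimpleURLChecks` now brackets an IPv6 literal only when `port != 0`; on the zero-port path `hostPort` is still the bare `host`, so a host such as `2001:db8::1` yields `scheme://2001:db8::1`, which `url.Parse` does not read as an IPv6 host. If IPv6 hosts are meant to work here, the zero-port path needs the same treatment, e.g. `if port == 0 && strings.Contains(host, ":") { hostPort = "[" + host + "]" }` (assuming `strings` is available in this file). `net.JoinHostPort` also brackets any host containing a colon, so a caller that already passes `[::1]` would now get `[[::1]]:port`; the callers are outside this hunk and should be checked. The function body continues past the end of the hunk.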
--- a/heartbeat/monitors/active/http/http_test.go +++ b/heartbeat/monitors/active/http/http_test.go @@ -32,6 +32,7 @@ import ( "os" "path" "reflect" + "strconv" "sync" "testing" "time" @@ -620,7 +621,7 @@ func TestConnRefusedJob(t *testing.T) { lookslike.Strict(lookslike.Compose( hbtest.BaseChecks(ip, "down", "http"), hbtest.SummaryStateChecks(0, 1), - hbtest.ECSErrCodeChecks(ecserr.CODE_NET_COULD_NOT_CONNECT, fmt.Sprintf("%s:%d", ip, port)), + hbtest.ECSErrCodeChecks(ecserr.CODE_NET_COULD_NOT_CONNECT, net.JoinHostPort(ip, strconv.Itoa(int(port)))), urlChecks(url), )), event.Fields, @@ -642,7 +643,7 @@ func TestUnreachableJob(t *testing.T) { lookslike.Strict(lookslike.Compose( hbtest.BaseChecks(ip, "down", "http"), hbtest.SummaryStateChecks(0, 1), - hbtest.ECSErrCodeChecks(ecserr.CODE_NET_COULD_NOT_CONNECT, fmt.Sprintf("%s:%d", ip, port)), + hbtest.ECSErrCodeChecks(ecserr.CODE_NET_COULD_NOT_CONNECT, net.JoinHostPort(ip, strconv.Itoa(int(port)))), urlChecks(url), )), event.Fields, diff --git a/libbeat/docs/version.asciidoc b/libbeat/docs/version.asciidoc index c88c5e31f958..1f9ae10c287f 100644 --- a/libbeat/docs/version.asciidoc +++ b/libbeat/docs/version.asciidoc @@ -1,6 +1,6 @@ :stack-version: 9.3.0 :doc-branch: current -:go-version: 1.24.11 +:go-version: 1.25.4 :release-state: unreleased :python: 3.7 :docker: 1.12 diff --git a/libbeat/processors/add_kubernetes_metadata/indexers.go b/libbeat/processors/add_kubernetes_metadata/indexers.go index b3ab387b2068..a60ee2e21ea7 100644 --- a/libbeat/processors/add_kubernetes_metadata/indexers.go +++ b/libbeat/processors/add_kubernetes_metadata/indexers.go @@ -19,6 +19,8 @@ package add_kubernetes_metadata import ( "fmt" + "net" + "strconv" "github.com/elastic/elastic-agent-autodiscover/kubernetes" "github.com/elastic/elastic-agent-autodiscover/kubernetes/metadata" 
@@ -247,7 +249,7 @@ func (h *IPPortIndexer) GetMetadata(pod *kubernetes.Pod) []MetadataIndex { if port.ContainerPort != 0 { m = append(m, MetadataIndex{ - Index: fmt.Sprintf("%s:%d", pod.Status.PodIP, port.ContainerPort), + Index: net.JoinHostPort(pod.Status.PodIP, strconv.Itoa(int(port.ContainerPort))), Data: h.metaGen.Generate( pod, metadata.WithFields("container.name", container.Name), @@ -279,7 +281,7 @@ func (h *IPPortIndexer) GetIndexes(pod *kubernetes.Pod) []string { for _, port := range ports { if port.ContainerPort != 0 { - hostPorts = append(hostPorts, fmt.Sprintf("%s:%d", pod.Status.PodIP, port.ContainerPort)) + hostPorts = append(hostPorts, net.JoinHostPort(pod.Status.PodIP, strconv.Itoa(int(port.ContainerPort)))) } } } diff --git a/libbeat/processors/add_kubernetes_metadata/indexers_test.go b/libbeat/processors/add_kubernetes_metadata/indexers_test.go index 9c012a166efd..e88102c6c4fb 100644 --- a/libbeat/processors/add_kubernetes_metadata/indexers_test.go +++ b/libbeat/processors/add_kubernetes_metadata/indexers_test.go @@ -19,6 +19,8 @@ package add_kubernetes_metadata import ( "fmt" + "net" + "strconv" "testing" "github.com/elastic/elastic-agent-autodiscover/kubernetes" @@ -468,12 +470,12 @@ func TestIpPortIndexer(t *testing.T) { indexers = ipIndexer.GetMetadata(&pod) assert.Equal(t, 2, len(indexers)) assert.Equal(t, ip, indexers[0].Index) - assert.Equal(t, fmt.Sprintf("%s:%d", ip, port), indexers[1].Index) + assert.Equal(t, net.JoinHostPort(ip, strconv.Itoa(int(port))), indexers[1].Index) indices = ipIndexer.GetIndexes(&pod) assert.Equal(t, 2, len(indices)) assert.Equal(t, ip, indices[0]) - assert.Equal(t, fmt.Sprintf("%s:%d", ip, port), indices[1]) + assert.Equal(t, net.JoinHostPort(ip, strconv.Itoa(int(port))), indices[1]) assert.Equal(t, expected.String(), indexers[0].Data.String()) expected.Put("kubernetes.container", diff --git a/metricbeat/Dockerfile b/metricbeat/Dockerfile index 26fa11e61f3a..f4acfc089998 100644 --- a/metricbeat/Dockerfile 
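Review bot: Switching `IPPortIndexer.GetMetadata` (and `GetIndexes` in the next hunk) to `net.JoinHostPort` changes the index key for IPv6 pods from `addr:port` to `[addr]:port`, a behaviour change that neither a doc comment nor the changelog fragment in this commit mentions. The bracketed form removes the ambiguity of the old key, where an IPv6 address followed by `:port` could itself read as a different IPv6 address, but whatever builds the lookup value must emit the same form or IPv6 lookups will miss; that code is not visible here. I would add a doc line such as `// Index keys are built with net.JoinHostPort, so IPv6 pod IPs appear as [addr]:port.` and an IPv6 case in `TestIpPortIndexer`. The expectations in indexers_test.go are now computed with the same call, so that test cannot detect a key-format change. Both methods start and end outside their hunks.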
+++ b/metricbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.24.11-bookworm +FROM golang:1.25.4-bookworm COPY --from=docker:26.0.0-alpine3.19 /usr/local/bin/docker /usr/local/bin/ RUN \ diff --git a/metricbeat/helper/server/tcp/tcp_test.go b/metricbeat/helper/server/tcp/tcp_test.go index 07dcfea13f3c..80e0a51b1387 100644 --- a/metricbeat/helper/server/tcp/tcp_test.go +++ b/metricbeat/helper/server/tcp/tcp_test.go @@ -20,8 +20,8 @@ package tcp import ( - "fmt" "net" + "strconv" "testing" "github.com/stretchr/testify/assert" @@ -31,7 +31,7 @@ import ( ) func GetTestTcpServer(host string, port int) (server.Server, error) { - addr, err := net.ResolveTCPAddr("tcp", fmt.Sprintf("%s:%d", host, port)) + addr, err := net.ResolveTCPAddr("tcp", net.JoinHostPort(host, strconv.Itoa(int(port)))) if err != nil { return nil, err @@ -80,7 +80,7 @@ func TestTcpServer(t *testing.T) { } func writeToServer(t *testing.T, message, host string, port int) { - servAddr := fmt.Sprintf("%s:%d", host, port) + servAddr := net.JoinHostPort(host, strconv.Itoa(int(port))) tcpAddr, err := net.ResolveTCPAddr("tcp", servAddr) if err != nil { t.Error(err) diff --git a/metricbeat/helper/server/udp/udp_test.go b/metricbeat/helper/server/udp/udp_test.go index 8ffa88f0ca9f..657f66ba80ca 100644 --- a/metricbeat/helper/server/udp/udp_test.go +++ b/metricbeat/helper/server/udp/udp_test.go @@ -20,8 +20,8 @@ package udp import ( - "fmt" "net" + "strconv" "testing" "github.com/stretchr/testify/assert" @@ -31,7 +31,7 @@ import ( ) func GetTestUdpServer(host string, port int) (server.Server, error) { - addr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", host, port)) + addr, err := net.ResolveUDPAddr("udp", net.JoinHostPort(host, strconv.Itoa(int(port)))) if err != nil { return nil, err 
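Review bot: In `GetTestTcpServer` and `writeToServer` the `port` parameter is already declared `int`, so the `int(port)` inside `strconv.Itoa(int(port))` is a no-op conversion that an unconvert-style linter will flag; `net.JoinHostPort(host, strconv.Itoa(port))` is sufficient. The same redundant conversion appears in `GetTestUdpServer` and `writeToServer` in metricbeat/helper/server/udp/udp_test.go.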
@@ -78,7 +78,7 @@ func TestUdpServer(t *testing.T) { } func writeToServer(t *testing.T, message, host string, port int) { - servAddr := fmt.Sprintf("%s:%d", host, port) + servAddr := net.JoinHostPort(host, strconv.Itoa(int(port))) conn, err := net.Dial("udp", servAddr) if err != nil { t.Error(err) diff --git a/metricbeat/magefile.go b/metricbeat/magefile.go index 36c1f9770c85..0193044b92d7 100644 --- a/metricbeat/magefile.go +++ b/metricbeat/magefile.go @@ -238,7 +238,13 @@ func GoFIPSOnlyIntegTest(ctx context.Context) error { if !devtools.IsInIntegTestEnv() { mg.SerialDeps(Fields, Dashboards) } - os.Setenv("GODEBUG", "fips140=only") + + // We also set GODEBUG=tlsmlkem=0 to disable the X25519MLKEM768 TLS key + // exchange mechanism; without this setting and with the GODEBUG=fips140=only + // setting, we get errors in tests like so: + // Failed to connect: crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode + // Note that we are only disabling this TLS key exchange mechanism in tests! + os.Setenv("GODEBUG", "fips140=only,tlsmlkem=0") return devtools.GoTestIntegrationForModule(ctx) } diff --git a/metricbeat/module/apache/status/status_test.go b/metricbeat/module/apache/status/status_test.go index 192007baa334..34333033f23a 100644 --- a/metricbeat/module/apache/status/status_test.go +++ b/metricbeat/module/apache/status/status_test.go @@ -245,7 +245,7 @@ func TestHostParser(t *testing.T) { {"localhost/ServerStatus", "http://localhost/ServerStatus?auto=", ""}, {"127.0.0.1", "http://127.0.0.1/server-status?auto=", ""}, {"https://127.0.0.1", "https://127.0.0.1/server-status?auto=", ""}, - {"[2001:db8::1]:80", "http://[2001:db8::1]:80/server-status?auto=", ""}, + {"[2001:db8:0:1::]:80", "http://[2001:db8:0:1::]:80/server-status?auto=", ""}, {"https://admin:secret@127.0.0.1", "https://admin:secret@127.0.0.1/server-status?auto=", ""}, } 
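Review bot: `os.Setenv("GODEBUG", "fips140=only,tlsmlkem=0")` in `GoFIPSOnlyIntegTest` changes the environment of the whole mage process and leaves it changed after the target returns, unlike dev-tools/mage/gotest.go, which scopes the same value through `args.Env`. Any target run later in the same invocation therefore inherits FIPS-only mode with ML-KEM disabled, and a GODEBUG value the caller exported is replaced without notice. Saving the previous value with `os.LookupEnv` and restoring it in a `defer` would contain the setting to this target. x-pack/metricbeat/magefile.go has the same line, and the function body starts outside the hunk.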
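Review bot: The IPv6 case in `TestHostParser` is replaced rather than extended, and nothing in the hunk says why `[2001:db8::1]:80` had to become `[2001:db8:0:1::]:80`. If the old literal trips a check in the bumped toolchain or linter, a one-line comment above the case naming that check would save the next reader the search. If the old literal is still a valid input for the host parser, keeping both rows preserves the coverage it gave.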
diff --git a/metricbeat/module/http/_meta/Dockerfile b/metricbeat/module/http/_meta/Dockerfile index a7fa836e079d..49a14654d482 100644 --- a/metricbeat/module/http/_meta/Dockerfile +++ b/metricbeat/module/http/_meta/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.24.11-bookworm +FROM golang:1.25.4-bookworm COPY test/main.go main.go diff --git a/metricbeat/module/vsphere/_meta/Dockerfile b/metricbeat/module/vsphere/_meta/Dockerfile index c54957d42313..81eb9a401d7c 100644 --- a/metricbeat/module/vsphere/_meta/Dockerfile +++ b/metricbeat/module/vsphere/_meta/Dockerfile @@ -1,5 +1,5 @@ ARG VSPHERE_GOLANG_VERSION -FROM golang:1.24.11-bookworm +FROM golang:1.25.4-bookworm RUN apt-get install curl git RUN go install github.com/vmware/govmomi/vcsim@v0.30.4 diff --git a/packetbeat/Dockerfile b/packetbeat/Dockerfile index d5024eafd5e5..03dbda9973b9 100644 --- a/packetbeat/Dockerfile +++ b/packetbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.24.11-bookworm +FROM golang:1.25.4-bookworm RUN \ apt-get update \ diff --git a/testing/go-ech/ech.go b/testing/go-ech/ech.go index 4e559629a74d..b41e20f30504 100644 --- a/testing/go-ech/ech.go +++ b/testing/go-ech/ech.go @@ -62,7 +62,6 @@ func VerifyFIPSBinary(t *testing.T, binaryPath string) { case "-tags": foundTags = true assert.Contains(t, setting.Value, "requirefips") - assert.Contains(t, setting.Value, "ms_tls13kdf") continue case "GOEXPERIMENT": foundExperiment = true diff --git a/x-pack/metricbeat/magefile.go b/x-pack/metricbeat/magefile.go index 82bda3e86691..b047e0063e32 100644 --- a/x-pack/metricbeat/magefile.go +++ b/x-pack/metricbeat/magefile.go 
@@ -267,7 +267,12 @@ func GoIntegTest(ctx context.Context) error { // Use TEST_TAGS=tag1,tag2 to add additional build tags. // Use MODULE=module to run only tests for `module`. func GoFIPSOnlyIntegTest(ctx context.Context) error { - os.Setenv("GODEBUG", "fips140=only") + // We also set GODEBUG=tlsmlkem=0 to disable the X25519MLKEM768 TLS key + // exchange mechanism; without this setting and with the GODEBUG=fips140=only + // setting, we get errors in tests like so: + // Failed to connect: crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode + // Note that we are only disabling this TLS key exchange mechanism in tests! + os.Setenv("GODEBUG", "fips140=only,tlsmlkem=0") return GoIntegTest(ctx) } diff --git a/x-pack/metricbeat/module/airflow/statsd/data_test.go b/x-pack/metricbeat/module/airflow/statsd/data_test.go index da8ebc40f46d..d81f0b3fd880 100644 --- a/x-pack/metricbeat/module/airflow/statsd/data_test.go +++ b/x-pack/metricbeat/module/airflow/statsd/data_test.go @@ -8,6 +8,7 @@ import ( "fmt" "net" "runtime" + "strconv" "sync" "testing" @@ -43,7 +44,7 @@ func getConfig() map[string]interface{} { } func createEvent(data string, t *testing.T) { - udpAddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", STATSD_HOST, STATSD_PORT)) + udpAddr, err := net.ResolveUDPAddr("udp", net.JoinHostPort(STATSD_HOST, strconv.Itoa(int(STATSD_PORT)))) require.NoError(t, err) conn, err := net.DialUDP("udp", nil, udpAddr) diff --git a/x-pack/metricbeat/module/stan/_meta/Dockerfile b/x-pack/metricbeat/module/stan/_meta/Dockerfile index 856648d91b00..b3d589c444f8 100644 --- a/x-pack/metricbeat/module/stan/_meta/Dockerfile +++ b/x-pack/metricbeat/module/stan/_meta/Dockerfile 
@@ -2,7 +2,7 @@ ARG STAN_VERSION=0.15.1 FROM nats-streaming:$STAN_VERSION # build stage -FROM golang:1.24.11-bookworm AS build-env +FROM golang:1.25.4-bookworm AS build-env RUN apt-get install git mercurial gcc RUN git clone https://github.com/nats-io/stan.go.git /stan-go RUN cd /stan-go/examples/stan-bench && git checkout tags/v0.5.2 && go build .