Upgrade Go version to 1.25 #198

Closed
fatihtokus wants to merge 83 commits into main from release-candidate

@fatihtokus fatihtokus commented Dec 13, 2025

PR Type

Enhancement


Description

  • Upgrade Go version from 1.22 to 1.25

  • Update Go toolchain from 1.23.3 to 1.25.5

  • Bump plugin version from 0.3.25-rc.2 to 0.3.26-rc.1

  • Update all platform-specific release URIs with new version


Diagram Walkthrough

flowchart LR
  A["Go 1.22<br/>Toolchain 1.23.3"] -- "Upgrade" --> B["Go 1.25<br/>Toolchain 1.25.5"]
  C["Version 0.3.25-rc.2"] -- "Bump" --> D["Version 0.3.26-rc.1"]
  D -- "Update" --> E["All Platform URIs"]

File Walkthrough

Relevant files

Dependencies
go.mod: Go version and toolchain upgrade (+2/-2)

  • Upgrade Go version from 1.22 to 1.25
  • Update toolchain from go1.23.3 to go1.25.5

Configuration changes
release-candidate/plugin.yaml: Plugin version bump and URI updates (+13/-13)

  • Update plugin version from 0.3.25-rc.2 to 0.3.26-rc.1
  • Update all 11 platform-specific release download URIs with new version tag
  • Maintain consistent version across all supported platforms (linux, darwin, freebsd, windows)

qodo-code-review Bot commented Dec 13, 2025

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified
No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined


Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No audit logging: The PR only updates versions and URIs without adding or modifying any logging of critical
actions, so there is no evidence that audit trails are addressed by these changes.

Referred Code
version: "0.3.26-rc.1"
maintainer: fatihtokus
repository: github.com/fatihtokus/scan2html
summary: A Trivy plugin that scans and outputs the results to a single page app.
usage: A Trivy plugin that scans and outputs the results to a single page app.
description: |-
  A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to a single page app.
  trivy scan2html [-h,--help] command target filename

platforms:
  - selector:
      os: linux
      arch: amd64
    uri: https://github.com/fatihtokus/scan2html/releases/download/v0.3.26-rc.1/scan2html_0.3.26-rc.1_linux-amd64.tar.gz
    bin: ./scan2html
  - selector:
      os: linux
      arch: arm
    uri: https://github.com/fatihtokus/scan2html/releases/download/v0.3.26-rc.1/scan2html_0.3.26-rc.1_linux-arm.tar.gz
    bin: ./scan2html
  - selector:


 ... (clipped 47 lines)

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
No error handling: The changes only update Go/toolchain versions and do not introduce or modify error
handling paths, leaving robustness unassessed within this diff.

Referred Code
go 1.25

toolchain go1.25.5

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
No user errors shown: This PR does not add or modify user-facing error messages; secure error handling cannot be
evaluated from the provided changes.

Referred Code
name: "scan2html"
version: "0.3.26-rc.1"
maintainer: fatihtokus
repository: github.com/fatihtokus/scan2html
summary: A Trivy plugin that scans and outputs the results to a single page app.
usage: A Trivy plugin that scans and outputs the results to a single page app.
description: |-
  A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to a single page app.
  trivy scan2html [-h,--help] command target filename

platforms:
  - selector:
      os: linux
      arch: amd64
    uri: https://github.com/fatihtokus/scan2html/releases/download/v0.3.26-rc.1/scan2html_0.3.26-rc.1_linux-amd64.tar.gz
    bin: ./scan2html
  - selector:
      os: linux
      arch: arm
    uri: https://github.com/fatihtokus/scan2html/releases/download/v0.3.26-rc.1/scan2html_0.3.26-rc.1_linux-arm.tar.gz
    bin: ./scan2html


 ... (clipped 48 lines)

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
No input validation: The PR only updates metadata and download URIs, with no input handling changes visible, so
validation and secure data handling cannot be verified from this diff.

Referred Code
platforms:
  - selector:
      os: linux
      arch: amd64
    uri: https://github.com/fatihtokus/scan2html/releases/download/v0.3.26-rc.1/scan2html_0.3.26-rc.1_linux-amd64.tar.gz
    bin: ./scan2html
  - selector:
      os: linux
      arch: arm
    uri: https://github.com/fatihtokus/scan2html/releases/download/v0.3.26-rc.1/scan2html_0.3.26-rc.1_linux-arm.tar.gz
    bin: ./scan2html
  - selector:
      os: linux
      arch: arm64
    uri: https://github.com/fatihtokus/scan2html/releases/download/v0.3.26-rc.1/scan2html_0.3.26-rc.1_linux-arm64.tar.gz
    bin: ./scan2html
  - selector:
      os: linux
      arch: s390x
    uri: https://github.com/fatihtokus/scan2html/releases/download/v0.3.26-rc.1/scan2html_0.3.26-rc.1_linux-s390x.tar.gz
    bin: ./scan2html


 ... (clipped 38 lines)

Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

qodo-code-review Bot commented Dec 13, 2025

PR Code Suggestions ✨

Explore these optional code suggestions:

Category | Suggestion | Impact
High-level
Automate the manual release versioning process

It is suggested to automate the manual update of the version string and download
URIs in plugin.yaml. This can be achieved by creating a script to handle these
repetitive changes, reducing the risk of human error and improving release
efficiency.

Examples:

release-candidate/plugin.yaml [2-68]
version: "0.3.26-rc.1"
maintainer: fatihtokus
repository: github.com/fatihtokus/scan2html
summary: A Trivy plugin that scans and outputs the results to a single page app.
usage: A Trivy plugin that scans and outputs the results to a single page app.
description: |-
  A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to a single page app.
  trivy scan2html [-h,--help] command target filename

platforms:

 ... (clipped 57 lines)

Solution Walkthrough:

Before:

# release-candidate/plugin.yaml
# Version and URIs are manually updated for each release.

version: "0.3.26-rc.1"
...
platforms:
  - selector:
      os: linux
      arch: amd64
    uri: https://.../releases/download/v0.3.26-rc.1/scan2html_0.3.26-rc.1_linux-amd64.tar.gz
  - selector:
      os: linux
      arch: arm
    uri: https://.../releases/download/v0.3.26-rc.1/scan2html_0.3.26-rc.1_linux-arm.tar.gz
  # ... and so on for all 11 platforms

After:

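#!/bin/bash
# Example: release.sh
set -euo pipefail

VERSION="${1:?usage: release.sh <new-version>}"
# Reject anything that is not a plain version string before it reaches sed
[[ $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+(-rc\.[0-9]+)?$ ]] || { echo "invalid version: $VERSION" >&2; exit 1; }

# -r prints the raw string without surrounding quotes
OLD_VERSION=$(yq -r '.version' release-candidate/plugin.yaml)

# Escape the dots so sed matches the old version literally
OLD_PATTERN=${OLD_VERSION//./\\.}

# Use a tool like 'sed' or 'yq' to update versions automatically
sed -i "s/$OLD_PATTERN/$VERSION/g" release-candidate/plugin.yaml

echo "plugin.yaml updated to version $VERSION"

# This script would be part of the release pipeline,
# ensuring all version strings are updated consistently.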
Suggestion importance[1-10]: 6

Why: The suggestion correctly identifies a manual, error-prone release process and proposes automation, which is a valid process improvement that would enhance release reliability and efficiency.

Low
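
A consistency check that a release pipeline could run after plugin.yaml is updated, added here as an example (it is not part of the PR or of the bot's suggestion). The function names and the sample manifest are constructed; the URI layout is the one shown in the plugin.yaml excerpts on this page.

```shell
#!/bin/bash
# Added example: check that every release URI in a plugin manifest matches
# the top-level version field. Function names are hypothetical.

# Returns 0 if all URIs match, 1 on a mismatch, 2 if version or URIs are missing.
check_plugin_versions() {
  local file=$1 version uris bad
  version=$(sed -n 's/^version:[[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}[[:space:]]*$/\1/p' "$file" | head -n 1)
  uris=$(grep -E '^[[:space:]]*uri:' "$file" || true)
  [ -n "$version" ] && [ -n "$uris" ] || return 2
  # -F: fixed-string match, so dots in the version are not regex wildcards.
  bad=$(printf '%s\n' "$uris" |
    grep -v -F "/releases/download/v${version}/scan2html_${version}_" || true)
  if [ -n "$bad" ]; then
    printf 'URIs not at version %s:\n%s\n' "$version" "$bad" >&2
    return 1
  fi
  return 0
}

# Constructed sample manifest; $2 is the version used in the second archive name.
write_sample() {
  cat > "$1" <<EOF
name: "scan2html"
version: "0.3.26-rc.1"
platforms:
  - selector:
      os: linux
      arch: amd64
    uri: https://github.com/fatihtokus/scan2html/releases/download/v0.3.26-rc.1/scan2html_0.3.26-rc.1_linux-amd64.tar.gz
    bin: ./scan2html
  - selector:
      os: linux
      arch: arm
    uri: https://github.com/fatihtokus/scan2html/releases/download/v0.3.26-rc.1/scan2html_${2}_linux-arm.tar.gz
    bin: ./scan2html
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/ok.yaml" "0.3.26-rc.1"
write_sample "$tmp/stale.yaml" "0.3.25-rc.2"   # tag updated, archive name missed
check_plugin_versions "$tmp/ok.yaml" && echo "ok.yaml: consistent"
check_plugin_versions "$tmp/stale.yaml" || echo "stale.yaml: mismatch (exit $?)"
```

The stale sample models a partial manual edit: the release tag in the URI was bumped but the archive file name still carries the previous version.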
@fatihtokus fatihtokus changed the title from "new version - v0.3.26" to "Upgrade Go version to 1.25" Dec 13, 2025
@guly-engineer guly-engineer self-requested a review December 13, 2025 21:25
@fatihtokus fatihtokus assigned fatihtokus and unassigned fatihtokus Dec 13, 2025
@fatihtokus fatihtokus closed this Dec 14, 2025