chore(deps): bump Go >= 1.24.12 to fix CVE-2025-61726

Bump the Go toolchain from 1.22.9 to 1.24.12 in the feast-operator
go.mod and Dockerfile to fix CVE-2025-61726 (memory exhaustion in
net/url query parameter parsing, CVSS 7.5).

Signed-off-by: Chaitany patel <patelchaitany93@gmail.com>
Made-with: Cursor

Author: patelchaitany

.github/workflows/operator-e2e-integration-tests.yml

@@ -52,7 +52,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.22.9
+          go-version: 1.24.12
 
       - name: Create KIND cluster
         run: |

.github/workflows/operator_pr.yml

@@ -14,7 +14,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.22.9
+          go-version: 1.24.12
       - name: Operator tests
         run: make -C infra/feast-operator test
       - name: After code formatting, check for uncommitted differences

.github/workflows/release.yml

@@ -108,7 +108,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.22.9
+          go-version: 1.24.12
       - name: Build & version operator-specific release files
         run: make -C infra/feast-operator build-installer bundle
 
@@ -140,7 +140,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.22.9
+          go-version: 1.24.12
       - name: Compile Go Test Binaries
         run: |
           cd infra/feast-operator

infra/feast-operator/Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM registry.access.redhat.com/ubi9/go-toolset:1.22.9 AS builder
+FROM registry.access.redhat.com/ubi9/go-toolset:1.24 AS builder
 ARG TARGETOS
 ARG TARGETARCH
 

infra/feast-operator/go.mod

@@ -1,6 +1,6 @@
 module github.com/feast-dev/feast/infra/feast-operator
 
-go 1.22.9
+go 1.24.12
 
 require (
 	github.com/onsi/ginkgo/v2 v2.17.2