
fix(security): remediate CVE vulnerabilities#41

Merged
ulucinar merged 2 commits into release-0.4 from fix/cve-remediation-release-0.4-20260302-173911
Mar 2, 2026

Conversation

@upbound-bot

Summary

This PR fixes CVE vulnerabilities identified by security scanning.

Vulnerabilities Fixed

| CVE/GHSA | Severity | Package | Fixed Version |
|---|---|---|---|
| CVE-2025-68121 | Critical | stdlib | go1.24.13 |
| CVE-2025-61732 | High | stdlib | go1.24.13 |

Changes Made

  • Updated Go version from 1.24.12 to 1.24.13 in go.mod

References

Verification

  • Rescanned with cve-scan skill after fixes
  • All listed vulnerabilities resolved

- Update Go version to 1.24.13 (fixes CVE-2025-68121, CVE-2025-61732)

Signed-off-by: Alper Rifat Ulucinar <ulucinar@users.noreply.github.com>
@upbound-bot
Author

Build Failure Analysis

Check: build (amd64)
Status: Failed
Analyzed: 2026-03-02 14:44:50 UTC

Summary

The Docker build failed because the CI workflow uses Go 1.24.12 while go.mod requires Go 1.24.13.

Root Cause

The CI workflow at .github/workflows/ci.yml specifies GO_VERSION: '1.24.12' (line 17), but the go.mod file now requires Go 1.24.13 after the CVE security fix. The Docker build stage uses this version as a build argument, and with GOTOOLCHAIN=local, the build fails when the required Go version is not available.

Error Details

go: go.mod requires go >= 1.24.13 (running go 1.24.12; GOTOOLCHAIN=local)
ERROR: failed to solve: process "/bin/sh -c bash -c '... go mod download ...'" did not complete successfully: exit code: 1

Recommendation

Update .github/workflows/ci.yml line 17 to use Go 1.24.13:

GO_VERSION: '1.24.13'

This analysis was generated by the build-failure-analyze skill.

- Update GO_VERSION from 1.24.12 to 1.24.13 in CI workflow to match go.mod requirements

Signed-off-by: Alper Rifat Ulucinar <ulucinar@users.noreply.github.com>
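As an added example (not code from this PR or the project), a POSIX shell preflight check that compares the go.mod `go` directive with the GO_VERSION pinned in the CI workflow, so the GOTOOLCHAIN=local mismatch diagnosed above fails fast before the Docker build runs. The file names and the `GO_VERSION:` workflow layout are assumptions.

```shell
#!/bin/sh
# Added example, not part of this PR: a preflight check that fails when the Go
# toolchain pinned in the CI workflow (GO_VERSION) is older than the version
# required by the go.mod `go` directive. With GOTOOLCHAIN=local, Go will not
# download a newer toolchain, so the mismatch only surfaces as the
# "go.mod requires go >= ..." error seen in this PR's failed build.

# Print the version from the go.mod `go` directive: "go 1.24.13" -> 1.24.13
gomod_go_version() {
  awk '$1 == "go" { print $2; exit }' "$1"
}

# Print the GO_VERSION value from a workflow file: "GO_VERSION: '1.24.12'" -> 1.24.12
workflow_go_version() {
  awk -F: '$1 ~ /^[[:space:]]*GO_VERSION$/ { v = $2; gsub(/[^0-9.]/, "", v); print v; exit }' "$1"
}

# Compare dotted versions numerically (so 1.24.9 < 1.24.13): prints -1, 0 or 1.
version_cmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0; yi = (i <= nb) ? y[i] + 0 : 0
      if (xi != yi) { r = (xi < yi) ? -1 : 1; print r; exit }
    }
    print 0
  }'
}

# Succeed (exit 0) only if the workflow's pinned Go satisfies go.mod.
check_go_versions() {
  required=$(gomod_go_version "$1")
  pinned=$(workflow_go_version "$2")
  [ -n "$required" ] && [ -n "$pinned" ] || return 1
  [ "$(version_cmp "$pinned" "$required")" -ge 0 ]
}

# Demo on constructed files mirroring this PR's first push: go.mod already
# bumped to 1.24.13 while the workflow still pins 1.24.12.
demo_dir=$(mktemp -d)
printf 'module example.com/demo\n\ngo 1.24.13\n' > "$demo_dir/go.mod"
printf "env:\n  GO_VERSION: '1.24.12'\n" > "$demo_dir/ci.yml"
if check_go_versions "$demo_dir/go.mod" "$demo_dir/ci.yml"; then
  echo "ok: CI pins Go $(workflow_go_version "$demo_dir/ci.yml")"
else
  echo "mismatch: go.mod requires go >= $(gomod_go_version "$demo_dir/go.mod"), CI pins $(workflow_go_version "$demo_dir/ci.yml")" >&2
fi
rm -rf "$demo_dir"
```

Run it as an early CI step (or a pre-commit hook) so a go.mod bump that outpaces the pinned toolchain is reported as a version mismatch rather than as a failed `go mod download` inside the Docker build.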
@ulucinar ulucinar merged commit bf44ad9 into release-0.4 Mar 2, 2026
5 checks passed