From 2fe5f9c7b897f44acc23c98531283c5862ba5198 Mon Sep 17 00:00:00 2001
From: Christopher Angelo Phillips <32073428+spiffcs@users.noreply.github.com>
Date: Tue, 17 Feb 2026 12:04:51 -0500
Subject: [PATCH] fix: bumps go mod version to 1.25; ci takes latest patch
 (#4628)

---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---
 .github/actions/bootstrap/action.yaml | 3 ++-
 .github/workflows/codeql-analysis.yml | 1 +
 go.mod                                | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/actions/bootstrap/action.yaml b/.github/actions/bootstrap/action.yaml
index 8f59c34ca..333f59364 100644
--- a/.github/actions/bootstrap/action.yaml
+++ b/.github/actions/bootstrap/action.yaml
@@ -5,7 +5,7 @@ inputs:
   go-version:
     description: "Go version to install"
     required: true
-    default: ">= 1.24"
+    default: "1.25.x"
   go-dependencies:
     description: "Download go dependencies"
     required: true
@@ -33,6 +33,7 @@ runs:
       if: inputs.go-version != ''
       with:
         go-version: ${{ inputs.go-version }}
+        check-latest: true
 
     - name: Restore tool cache
       if: inputs.tools == 'true'
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 13f91f53b..6c90f9802 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -44,6 +44,7 @@ jobs:
       uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 #v6.2.0
       with:
         go-version-file: go.mod
+        check-latest: true
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
diff --git a/go.mod b/go.mod
index 98bd71d6c..897241460 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/anchore/syft
 
-go 1.24.6
+go 1.25
 
 require (
 	github.com/BurntSushi/toml v1.6.0