From 315e800cb26d092abd9c068da1f2abec7e615d45 Mon Sep 17 00:00:00 2001
From: Seth Shelnutt <seth@coder.com>
Date: Wed, 13 May 2026 07:55:14 -0400
Subject: [PATCH] fix: upgrade Go toolchain from 1.25.9 to 1.25.10 (#25228)

Go 1.25.10 (released 2026-05-07) includes 11 security fixes for CVEs
affecting the go command, pack tool, html/template, net, net/http,
net/http/httputil, net/mail, and syscall packages.

Fixes IronBank v2.32.x Go stdlib CVE exposure by upgrading from Go
1.25.9 to 1.25.10.

Reference: https://groups.google.com/g/golang-dev/c/h6eZjndBMqQ

### Changed files
- `go.mod`: `go 1.25.9` to `go 1.25.10`
- `dogfood/coder/Dockerfile`: `GO_VERSION` and `GO_CHECKSUM`
- `.github/actions/setup-go/action.yaml`: default version

> Generated by Coder Agents
---
 .github/actions/setup-go/action.yaml | 2 +-
 dogfood/coder/Dockerfile             | 4 ++--
 go.mod                               | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/actions/setup-go/action.yaml b/.github/actions/setup-go/action.yaml
index 50d6f96e62..a1015cd79a 100644
--- a/.github/actions/setup-go/action.yaml
+++ b/.github/actions/setup-go/action.yaml
@@ -4,7 +4,7 @@ description: |
 inputs:
   version:
     description: "The Go version to use."
-    default: "1.25.9"
+    default: "1.25.10"
   use-cache:
     description: "Whether to use the cache."
     default: "true"
diff --git a/dogfood/coder/Dockerfile b/dogfood/coder/Dockerfile
index 53ac087ba5..8b4a0ce31d 100644
--- a/dogfood/coder/Dockerfile
+++ b/dogfood/coder/Dockerfile
@@ -11,8 +11,8 @@ RUN cargo install jj-cli typos-cli watchexec-cli
 FROM ubuntu:jammy@sha256:eb29ed27b0821dca09c2e28b39135e185fc1302036427d5f4d70a41ce8fd7659 AS go
 
 # Install Go manually, so that we can control the version
-ARG GO_VERSION=1.25.9
-ARG GO_CHECKSUM="00859d7bd6defe8bf84d9db9e57b9a4467b2887c18cd93ae7460e713db774bc1"
+ARG GO_VERSION=1.25.10
+ARG GO_CHECKSUM="42d4f7a32316aa66591eca7e89867256057a4264451aca10570a715b3637ba70"
 
 # Boring Go is needed to build FIPS-compliant binaries.
 RUN apt-get update && \
diff --git a/go.mod b/go.mod
index 2044717dbc..70a1c6e566 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/coder/coder/v2
 
-go 1.25.9
+go 1.25.10
 
 // Required until a v3 of chroma is created to lazily initialize all XML files.
 // None of our dependencies seem to use the registries anyways, so this