Bump Go to 1.25.5 / 1.24.11

[ivanvc]

What would you like to be added?

Go 1.25.5 and 1.24.11 were released yesterday; they include fixes in crypto/x509 for CVEs: CVE-2025-61729 and CVE-2025-61727. According to our Dependency management documentation, we want to stay on the latest patch version. This means updating our stable branches to 1.24.11 and main to 1.25.5.

Progress track:

• [ ] etcd
  • [x] main: go v1.25.5 - #20992
  • [ ] release-3.6: go v1.24.11
  • [ ] release-3.5: go v1.24.11
  • [ ] release-3.4: go v1.24.11
  • [ ] CHANGELOG
• [ ] bbolt
  • [ ] main: go v1.24.11
  • [ ] release-1.4: v1.24.11
  • [ ] release-1.3: v1.24.11
• [ ] raft
  • [ ] main: go v1.24.11
  • [ ] release-3.6: go v1.24.11
• [ ] etcd-io/gofail master: go v1.24.11
• [ ] etcd-io/auger main: go v1.25.5
• [ ] etcd-io/etcd-operator: go v1.25.5
• [ ] etcd-io/protodoc: go v1.24.11

Why is this needed?

To keep our Go version up to date and to address CVEs: CVE-2025-61729 and CVE-2025-61727

[ivanvc]

cc. @hwdef

[hwdef]

I want to do this, thanks!

[ivanvc]

/assign @hwdef

[ronaldngounou]

Hi @ivanvc , @hwdef , Have we considered mechanisms to automate this process in the past?

[ivanvc]

Hi @ivanvc , @hwdef , Have we considered mechanisms to automate this process in the past?

I have a script locally that automates this. Potentially, it can be triggered in an automated way. However, this is one of those tasks that are good for first-time contributors. So, I haven't decided to push forward with automating this more.

[ivanvc]

Thanks, @hwdef :)