@guzalv
Contributor

@guzalv guzalv commented Jan 13, 2026

Description

Update all go.mod files to require Go 1.25.3, which includes the fix for CVE-2025-58183 (archive/tar unbounded allocation vulnerability).

Problem: The go.mod files declared go 1.25.0, which is vulnerable to CVE-2025-58183. While konflux builds already use Go 1.25.3, local development could use vulnerable versions.

Solution: Updated all 12 go.mod files to require go 1.25.3 to ensure developers are warned if using older Go versions and to document the actual Go version requirement.

Why: Konflux builder already uses Go 1.25.3, this change ensures consistency between production builds and local development environment requirements.

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

  • Verified all 12 go.mod files now declare go 1.25.3
  • Confirmed konflux builder already uses Go 1.25.3 by running: docker run --rm brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.25@sha256:527782f4a0270f786192281f68d0374f4a21b3ab759643eee4bfcafb6f539468 go version
  • CI will validate that the go.mod changes don't break any builds

Update all go.mod files to require Go 1.25.3, which includes the fix
for CVE-2025-58183 (archive/tar unbounded allocation vulnerability).

Problem: The go.mod files declared go 1.25.0, which is vulnerable to
CVE-2025-58183. While konflux builds already use Go 1.25.3, local
development could use vulnerable versions.

Solution: Update all 12 go.mod files to require go 1.25.3 to ensure
developers are warned if using older versions and to document the
actual Go version requirement.

User request: Fix CVE-2025-58183 by upgrading Go version in go.mod
files to match the konflux builder (1.25.3).

Partially generated by AI.
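The check this PR relies on (every go.mod declaring at least the patched Go release, and the local toolchain matching it) can be automated; the following is an added example, not code from the StackRox project, and the regexp for the go directive and the directory walk from the current directory are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"runtime"
	"slices"
	"strings"
)

// goDirective matches the go.mod "go" directive line and captures its version.
var goDirective = regexp.MustCompile(`(?m)^go\s+(\S+)\s*$`)

// compareVersions orders Go versions ("1.25" == "1.25.0" < "1.25.3" < "1.26");
// missing or non-numeric trailing components (no patch, "rc1") count as 0.
func compareVersions(a, b string) int {
	var x, y [3]int
	fmt.Sscanf(a, "%d.%d.%d", &x[0], &x[1], &x[2])
	fmt.Sscanf(b, "%d.%d.%d", &y[0], &y[1], &y[2])
	return slices.Compare(x[:], y[:])
}

// findStaleModules walks root and returns every go.mod whose go directive is
// absent or older than minVersion (the patched release, 1.25.3 for this PR).
func findStaleModules(root, minVersion string) ([]string, error) {
	var stale []string
	err := filepath.Walk(root, func(p string, info os.FileInfo, err error) error {
		if err != nil || info.IsDir() || info.Name() != "go.mod" {
			return err
		}
		data, err := os.ReadFile(p)
		m := goDirective.FindSubmatch(data)
		if err == nil && (m == nil || compareVersions(string(m[1]), minVersion) < 0) {
			stale = append(stale, p)
		}
		return err
	})
	return stale, err
}

func main() {
	// Release toolchains report "go1.25.3"; development builds report "devel ...".
	if local := strings.TrimPrefix(runtime.Version(), "go"); compareVersions(local, "1.25.3") < 0 {
		fmt.Println("WARNING: local toolchain", local, "is older than 1.25.3")
	}
	stale, err := findStaleModules(".", "1.25.3")
	fmt.Println("go.mod files below 1.25.3:", stale, "error:", err)
}
```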
@openshift-ci

openshift-ci bot commented Jan 13, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@guzalv guzalv added the backport release-4.9 https://spaces.redhat.com/spaces/StackRox/pages/558727298 label Jan 13, 2026
@guzalv guzalv changed the title ROX-31541: Upgrade Go to 1.25.3 to fix CVE-2025-58183 chore: Upgrade Go to 1.25.3 to fix CVE-2025-58183 Jan 13, 2026
@guzalv guzalv removed the backport release-4.9 https://spaces.redhat.com/spaces/StackRox/pages/558727298 label Jan 13, 2026
@rhacs-bot
Contributor

Images are ready for the commit at 74774d3.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.10.x-759-g74774d3c68.

@codecov

codecov bot commented Jan 13, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 48.93%. Comparing base (8973035) to head (74774d3).
⚠️ Report is 7 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master   #18458   +/-   ##
=======================================
  Coverage   48.92%   48.93%           
=======================================
  Files        2629     2629           
  Lines      197814   197814           
=======================================
+ Hits        96787    96795    +8     
+ Misses      93642    93635    -7     
+ Partials     7385     7384    -1     
Flag Coverage Δ
go-unit-tests 48.93% <ø> (+<0.01%) ⬆️


@guzalv guzalv changed the title chore: Upgrade Go to 1.25.3 to fix CVE-2025-58183 chore: Bump Go to 1.25.3 to fix CVE-2025-58183 Jan 13, 2026
@guzalv
Contributor Author

guzalv commented Jan 13, 2026

/test all

Contributor

@sourcery-ai sourcery-ai bot left a comment


Hey - I've reviewed your changes and they look great!



@openshift-ci

openshift-ci bot commented Jan 13, 2026

@guzalv: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name: ci/prow/ocp-4-12-qa-e2e-tests
Commit: 74774d3
Required: false
Rerun command: /test ocp-4-12-qa-e2e-tests


