bump go version to fix https://pkg.go.dev/vuln/GO-2025-3956

[ErickRDS]

Description of the change:
Update the go directive in go.mod from 1.24.4 to 1.24.6 to address CVE-2025-47906 (GO-2025-3956) in os/exec (LookPath PATH handling).

Motivation for the change:
Internal security scanners flagged this repository for CVE-2025-47906. The Go team fixed this issue in Go 1.24.6 (and 1.23.12). Bumping to 1.24.6 ensures compliance and mitigates the vulnerability.
Closes #1802

Reviewer Checklist

• Implementation matches the proposed design, or proposal is updated to match implementation
• Sufficient unit test coverage
• Sufficient end-to-end test coverage
• Docs updated or added to /docs
• Commit messages sensible and descriptive

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign oceanc80 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @ErickRDS. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ErickRDS]

I think that probably we'd need to update o-f/api and after we get a new release, I can rebase my branch.

[tmshort]

This is updating the repo to 1.24.6, but the comment references 1.24.4?

[tmshort]

The comment says things are fixed at 1.24.4, which this repo already uses. So why the update to 1.24.6?

[ErickRDS]

oh, my bad. I adjusted the description of the PR.

[ErickRDS]

True. I just copied the description of an old PR that I raised and forgot to change the go version in the description. My bad.

[ErickRDS]

I'm bumping to 1.24.6 to be a simple bump to fix the CVE, but if you guys prefer, we can bump to 1.24.9, to avoid another PRs to bump Go version any time soon.

[grokspawn]

Thanks for the PR @ErickRDS!
We'll take this to the next community meeting to discuss, since we have a few repos that we have to coordinate on this issue.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.49%. Comparing base (0b33485) to head (5c89e6d).
⚠️ Report is 4 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1820      +/-   ##
==========================================
+ Coverage   55.37%   57.49%   +2.12%     
==========================================
  Files         136      136              
  Lines       16003    12934    -3069     
==========================================
- Hits         8861     7436    -1425     
+ Misses       5987     4342    -1645     
- Partials     1155     1156       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.