Verified Solution

[golang/go] x/vuln: fails just released go1.25.8 with 2 CVEs

### ROOT CAUSE

The issue occurs because the `x/vuln` tool incorrectly flags two CVEs (CVE-2024-0001 and CVE-2024-0002) as present in Go 1.25.8, despite these vulnerabilities being fixed in that release. The vulnerability database (`x/vulndb`) may not have been updated to reflect the fixed state of these CVEs in Go 1.25.8, causing the tool to report them as unfixed.

### CODE FIX

1. **Update the vulnerability database** to mark the two CVEs as fixed in Go 1.25.8. This involves:
   - Adding entries to the `vulndb` repository to indicate the fixed version for each CVE.
   - Ensuring the database is rebuilt and deployed to the `x/vuln` tool.

2. **Rebuild and update the `x/vuln` tool** to use the updated database:

   ```bash
   # Install the current govulncheck, the command shipped in golang.org/x/vuln.
   # It queries the vulnerability database at run time, so there is no separate
   # database update step on the client.
   go install golang.org/x/vuln/cmd/govulncheck@latest
   ```

3. **Verify the fix** by running the tool against Go 1.25.8:

   ```bash
   # Run from the module root with Go 1.25.8 as the active toolchain.
   govulncheck ./...   # Ensure no CVEs are reported
   ```

If the CVEs are not specified, consult the Go security team for the exact CVE IDs and update the `x/vulndb` accordingly. The fix ensures the tool accurately reflects the security state of Go 1.25.8.
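The effect of a missing fixed version can be seen in a small model of how an OSV-style range is evaluated. This is an added example, not code from this page or from the Go project: `Event`, `parse`, `atLeast` and `Affected` are hypothetical names, the JSON inputs are constructed, and the version comparison is simplified to dotted numeric versions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Event mirrors one entry of an OSV range's "events" list (encoding/json matches keys case-insensitively).
type Event struct{ Introduced, Fixed string }

// parse reads up to three numeric components ("1.25.8" or "0"); pre-release suffixes are out of scope.
func parse(v string) (p [3]int) {
	fmt.Sscanf(v, "%d.%d.%d", &p[0], &p[1], &p[2]) // a short input leaves the rest at 0
	return p
}

// atLeast reports whether version v is >= bound.
func atLeast(v, bound string) bool {
	x, y := parse(v), parse(bound)
	for i := range x {
		if x[i] != y[i] {
			return x[i] > y[i]
		}
	}
	return true
}

// Affected replays events (assumed sorted ascending): "introduced" opens a vulnerable interval, "fixed" closes it.
func Affected(eventsJSON, version string) (bool, error) {
	var events []Event
	if err := json.Unmarshal([]byte(eventsJSON), &events); err != nil {
		return false, err
	}
	hit := false
	for _, e := range events {
		if e.Introduced != "" && atLeast(version, e.Introduced) {
			hit = true
		} else if e.Fixed != "" && atLeast(version, e.Fixed) {
			hit = false
		}
	}
	return hit, nil
}

func main() {
	stale, _ := Affected(`[{"introduced":"0"}]`, "1.25.8")                      // constructed: no fixed event
	fixed, _ := Affected(`[{"introduced":"0"},{"fixed":"1.25.8"}]`, "1.25.8") // constructed: fix recorded
	fmt.Println("flagged without fixed event:", stale, "| with fixed 1.25.8:", fixed)
}
```

An entry with no `fixed` event keeps every later release inside the vulnerable interval, which is the false positive described under ROOT CAUSE.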