Conversation

@thaJeztah
Member

- What I did

These minor releases include 2 security fixes following the security policy:

  • os/exec: LookPath may return unexpected paths

If the PATH environment variable contains paths which are executables (rather
than just directories), passing certain strings to LookPath ("", ".", and "..")
can result in the binaries listed in the PATH being unexpectedly returned.

Thanks to Olivier Mengué for reporting this issue.

This is CVE-2025-47906 and Go issue https://go.dev/issue/74466.

  • database/sql: incorrect results returned from Rows.Scan

Cancelling a query (e.g. by cancelling the context passed to one of the query
methods) during a call to the Scan method of the returned Rows can result in
unexpected results if other queries are being made in parallel. This can result
in a race condition that may overwrite the expected results with those of
another query, causing the call to Scan to return either unexpected results
from the other query or an error.

We believe this affects most database/sql drivers.

Thanks to Spike Curtis from Coder for reporting this issue.

This is GHSA-j5pm-7495-qmr3 and https://go.dev/issue/74831.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.6

- Human readable description for the release notes

Update Go runtime to [1.24.6](https://go.dev/doc/devel/release#go1.24.6)

- A picture of a cute animal (not mandatory but encouraged)

- https://github.com/golang/go/issues?q=milestone%3AGo1.24.6+label%3ACherryPickApproved
- full diff: golang/[email protected]

These minor releases include 2 security fixes following the security policy:

- os/exec: LookPath may return unexpected paths

If the PATH environment variable contains paths which are executables (rather
than just directories), passing certain strings to LookPath ("", ".", and "..")
can result in the binaries listed in the PATH being unexpectedly returned.

Thanks to Olivier Mengué for reporting this issue.

This is CVE-2025-47906 and Go issue https://go.dev/issue/74466.

- database/sql: incorrect results returned from Rows.Scan

Cancelling a query (e.g. by cancelling the context passed to one of the query
methods) during a call to the Scan method of the returned Rows can result in
unexpected results if other queries are being made in parallel. This can result
in a race condition that may overwrite the expected results with those of
another query, causing the call to Scan to return either unexpected results
from the other query or an error.

We believe this affects most database/sql drivers.

Thanks to Spike Curtis from Coder for reporting this issue.

This is CVE-2025-47907 and https://go.dev/issue/74831.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.6

Signed-off-by: Austin Vazquez <[email protected]>
(cherry picked from commit 6769f62)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
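The LookPath item above describes a PATH whose entry is an executable file rather than a directory; on affected Go versions, filepath.Join of that entry with "", "." or ".." still names the file itself, so LookPath returns it. The following is an added example, not code from this pull request, from moby, or from the Go project. It builds a constructed temp directory with one shell script, points PATH at that script, and compares the stock exec.LookPath against a hypothetical wrapper (SafeLookPath / ValidateCommandName, names assumed here) that refuses the problematic inputs before they reach the OS, so the caller gets a deterministic error on every Go version:

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
)

// ErrBadName is returned for command names a LookPath caller should never
// forward: empty, ".", "..", or anything that is already a path.
var ErrBadName = errors.New("lookpath: refusing empty, dot, or path-like command name")

// ValidateCommandName rejects the inputs that pre-1.24.6 LookPath would
// resolve against a PATH entry that is itself an executable file. It is
// deliberately stricter than exec.LookPath: only bare names are accepted.
func ValidateCommandName(name string) error {
	if name == "" || name == "." || name == ".." {
		return ErrBadName
	}
	if strings.ContainsAny(name, `/\`) || filepath.Base(name) != name {
		return ErrBadName
	}
	return nil
}

// SafeLookPath (hypothetical wrapper) validates the name before delegating
// to exec.LookPath, so old and new Go versions behave the same for bad input.
func SafeLookPath(name string) (string, error) {
	if err := ValidateCommandName(name); err != nil {
		return "", err
	}
	return exec.LookPath(name)
}

// setupFileInPath creates a constructed temp dir holding one executable
// script and returns the script's path: the "PATH entry that is an
// executable rather than a directory" from the advisory.
func setupFileInPath() (string, func(), error) {
	dir, err := os.MkdirTemp("", "lookpath-demo")
	if err != nil {
		return "", nil, err
	}
	bin := filepath.Join(dir, "unexpected-tool")
	if err := os.WriteFile(bin, []byte("#!/bin/sh\necho unexpected\n"), 0o755); err != nil {
		os.RemoveAll(dir)
		return "", nil, err
	}
	return bin, func() { os.RemoveAll(dir) }, nil
}

// ProbeUnsafeNames sets PATH to pathEntry, runs exec.LookPath for each of
// "", "." and "..", and records what it resolved to ("" when it returned an
// error). It also checks that SafeLookPath rejects every probe name.
func ProbeUnsafeNames(pathEntry string) (map[string]string, error) {
	old, had := os.LookupEnv("PATH")
	if err := os.Setenv("PATH", pathEntry); err != nil {
		return nil, err
	}
	defer func() {
		if had {
			os.Setenv("PATH", old)
		} else {
			os.Unsetenv("PATH")
		}
	}()
	out := map[string]string{}
	for _, name := range []string{"", ".", ".."} {
		raw, err := exec.LookPath(name)
		if err != nil {
			raw = ""
		}
		out[name] = raw
		if _, err := SafeLookPath(name); !errors.Is(err, ErrBadName) {
			return nil, fmt.Errorf("SafeLookPath(%q) should reject, got %v", name, err)
		}
	}
	return out, nil
}

func main() {
	bin, cleanup, err := setupFileInPath()
	if err != nil {
		fmt.Println("setup failed:", err)
		return
	}
	defer cleanup()
	results, err := ProbeUnsafeNames(bin)
	if err != nil {
		fmt.Println("probe failed:", err)
		return
	}
	for _, name := range []string{"", ".", ".."} {
		fmt.Printf("exec.LookPath(%q) -> %q (empty means not found)\n", name, results[name])
	}
}
```

On a Go toolchain older than 1.24.6 the printed exec.LookPath results for "" and "." are the script path itself; on 1.24.6 and later they are empty (not found). SafeLookPath errors with ErrBadName in both cases, which is the property a caller that takes command names from untrusted input should rely on rather than on the toolchain version.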
@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.

@austinvazquez austinvazquez merged commit 9fc26d4 into docker:28.x Aug 15, 2025
118 of 119 checks passed
@thaJeztah thaJeztah deleted the 28.x_backport_update-golang-1.24.6 branch August 15, 2025 20:10
@vvoland vvoland removed the kind/bugfix PR's that fix bugs label Aug 28, 2025

4 participants