k8s-digester

security: update Go dependencies to fix vulnerabilities

Open falcorocks opened this issue 4 months ago • 2 comments

Summary

Updates Go dependencies to resolve security vulnerabilities identified by Grype.

Changes

  • Go toolchain: 1.23.4 → 1.24.6 (fixes CVE-2025-47907)
  • golang.org/x/crypto: v0.31.0 → v0.36.0 (fixes GHSA-hcg3-q754-cr77)
  • golang.org/x/oauth2: v0.24.0 → v0.27.0 (fixes GHSA-6v2p-p543-phr9)
  • github.com/golang-jwt/jwt/v4: v4.5.1 → v4.5.2 (fixes GHSA-mh63-6h87-95cp)
  • golang.org/x/net: v0.32.0 → v0.38.0 (fixes GHSA-vvgc-356p-c3xw, GHSA-qxp5-gwg8-xv66)

falcorocks, Aug 12 '25 13:08

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

google-cla[bot], Aug 12 '25 13:08

@halvards could you please have a look at this one? 🙏

falcorocks, Aug 25 '25 14:08