@kumahq kumahq bot commented Aug 14, 2025

Scan output:

Before update:

OSV URL                               CVSS   ECOSYSTEM   PACKAGE                     VERSION               SOURCE
https://osv.dev/GO-2025-3829          3.3    Go          github.com/docker/docker    27.2.0 incompatible
https://osv.dev/GHSA-4vq8-7jfc-9cvp
https://osv.dev/GO-2025-3601          6.5    Go          helm.sh/helm/v3             3.16.1                go.mod
https://osv.dev/GHSA-4hfp-h4cw-hj8p
https://osv.dev/GO-2025-3602          6.5    Go          helm.sh/helm/v3             3.16.1                go.mod
https://osv.dev/GHSA-5xqw-8hwv-wg92
https://osv.dev/GO-2025-3887          6.5    Go          helm.sh/helm/v3             3.16.1                go.mod
https://osv.dev/GHSA-9h84-qmv7-982p
https://osv.dev/GO-2025-3888          6.5    Go          helm.sh/helm/v3             3.16.1                go.mod
https://osv.dev/GHSA-f9f8-9pmf-xv68
https://osv.dev/GO-2025-3849                 Go          stdlib                      1.23.10               go.mod
------------------------------------- ------ ----------- --------------------------- --------------------- --------
Uncalled vulnerabilities
------------------------------------- ------ ----------- --------------------------- --------------------- --------
https://osv.dev/GO-2022-0635                 Go          github.com/aws/aws-sdk-go   1.49.6                go.mod
https://osv.dev/GO-2022-0646                 Go          github.com/aws/aws-sdk-go   1.49.6                go.mod
https://osv.dev/GO-2025-3595          5.3    Go          golang.org/x/net            0.36.0                go.mod
https://osv.dev/GHSA-vvgc-356p-c3xw
https://osv.dev/GO-2025-3802          8.5    Go          helm.sh/helm/v3             3.16.1                go.mod
https://osv.dev/GHSA-557j-xg8c-q2mm

After update:

OSV URL                               CVSS   ECOSYSTEM   PACKAGE                     VERSION               SOURCE
https://osv.dev/GO-2022-0635                 Go          github.com/aws/aws-sdk-go   1.49.6                go.mod
https://osv.dev/GO-2022-0646                 Go          github.com/aws/aws-sdk-go   1.49.6                go.mod
https://osv.dev/GO-2025-3563                 Go          stdlib                      1.24.0                go.mod
https://osv.dev/GO-2025-3749                 Go          stdlib                      1.24.0                go.mod
https://osv.dev/GO-2025-3750                 Go          stdlib                      1.24.0                go.mod
https://osv.dev/GO-2025-3751                 Go          stdlib                      1.24.0                go.mod
https://osv.dev/GO-2025-3849                 Go          stdlib                      1.24.0                go.mod

If a package is showing up in the scan but the script is not trying to update it then it might be because there is no fixed version yet.

@kumahq kumahq bot added dependencies Pull requests that update a dependency file release-2.9 labels Aug 14, 2025
@kumahq kumahq bot requested a review from a team as a code owner August 14, 2025 03:36
@kumahq kumahq bot requested review from jijiechen and Automaat August 14, 2025 03:36
@kumahq kumahq bot force-pushed the chore/security-updates-release-2.9 branch 3 times, most recently from 45a7121 to 73bf05b Compare August 21, 2025 03:28
@Icarus9913 Icarus9913 added the ci/run-full-matrix PR: Runs all possible e2e test combination (expensive use carefully) label Aug 22, 2025
@Icarus9913 Icarus9913 left a comment

Hold this PR after finishing the patch release

@kumahq kumahq bot force-pushed the chore/security-updates-release-2.9 branch 2 times, most recently from 1956ac4 to 66bbf73 Compare August 26, 2025 03:28
@Icarus9913 Icarus9913 force-pushed the chore/security-updates-release-2.9 branch from 66bbf73 to 597cb0c Compare August 28, 2025 06:22
@kumahq kumahq bot force-pushed the chore/security-updates-release-2.9 branch from 597cb0c to 4d64b1f Compare August 29, 2025 03:26
@Icarus9913 Icarus9913 force-pushed the chore/security-updates-release-2.9 branch from 4d64b1f to 597cb0c Compare September 1, 2025 02:04
@kumahq kumahq bot force-pushed the chore/security-updates-release-2.9 branch 2 times, most recently from 2fa092d to 9ba857d Compare September 2, 2025 03:27
Signed-off-by: kumahq[bot] <110050114+kumahq[bot]@users.noreply.github.com>
@kumahq kumahq bot force-pushed the chore/security-updates-release-2.9 branch from 9ba857d to 153bfd2 Compare September 4, 2025 03:20