diff --git a/.changes/unreleased/Security-20260707-000000.yaml b/.changes/unreleased/Security-20260707-000000.yaml new file mode 100644 index 0000000..02863ec --- /dev/null +++ b/.changes/unreleased/Security-20260707-000000.yaml @@ -0,0 +1,3 @@ +kind: Security +body: Bump Go toolchain from go1.26.2 to go1.26.4 (fixes GO-2026-4977, GO-2026-4986, GO-2026-4918, GO-2026-4971, GO-2026-4981, GO-2026-5037, GO-2026-5038, GO-2026-5026) +time: 2026-07-07T00:00:00.000000Z diff --git a/src/go.mod b/src/go.mod index a936859..dcea291 100644 --- a/src/go.mod +++ b/src/go.mod @@ -2,7 +2,7 @@ module github.com/opslevel/opslevel-runner go 1.26.0 -toolchain go1.26.2 +toolchain go1.26.4 require ( github.com/contribsys/faktory v1.9.4 @@ -278,7 +278,7 @@ require ( golang.org/x/crypto v0.52.0 // indirect golang.org/x/exp/typeparams v0.0.0-20250210185358-939b2ce775ac // indirect golang.org/x/mod v0.35.0 // indirect - golang.org/x/net v0.54.0 // indirect + golang.org/x/net v0.55.0 // indirect golang.org/x/oauth2 v0.36.0 // indirect golang.org/x/sync v0.20.0 // indirect golang.org/x/sys v0.45.0 // indirect diff --git a/src/go.sum b/src/go.sum index 623be3b..f7c0f86 100644 --- a/src/go.sum +++ b/src/go.sum @@ -674,8 +674,8 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.54.0 h1:2zJIZAxAHV/OHCDTCOHAYehQzLfSXuf/5SoL/Dv6w/w= -golang.org/x/net v0.54.0/go.mod h1:Sj4oj8jK6XmHpBZU/zWHw3BV3abl4Kvi+Ut7cQcY+cQ= +golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8= +golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww= golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=