fix multiple cve's#35
Conversation
Update the following dependencies to remediate security vulnerabilities: - github.com/go-jose/go-jose/v4: v4.1.3 → v4.1.4 - CVE-2026-34986: Denial of Service via crafted JSON Web Encryption - github.com/golang-jwt/jwt/v4: v4.5.1 → v4.5.2 - github.com/golang-jwt/jwt/v5: v5.2.1 → v5.2.2 - CVE-2025-30204: Excessive memory allocation during header parsing - go.opentelemetry.io/otel/sdk: v1.42.0 → v1.43.0 - CVE-2026-39883: Arbitrary code execution via PATH hijacking on BSD/Solaris - golang.org/x/crypto: v0.49.0 → v0.52.0 - CVE-2026-39827: SSH channel resource exhaustion - CVE-2026-39828: Unauthorized command execution via discarded SSH permissions - CVE-2026-39829: DoS via crafted public key with excessive parameters - CVE-2026-39830: DoS via resource leak from unsolicited SSH responses - CVE-2026-39832: Security bypass due to improper handling of key restrictions - CVE-2026-39835: DoS via crafted SSH certificate - CVE-2026-42508: Revocation bypass via unchecked SignatureKey - CVE-2026-46595: Authorization bypass due to skipped source-address validation - CVE-2026-46597: Server-side panic via incorrectly placed cast - golang.org/x/net: v0.52.0 → v0.55.0 - CVE-2026-25681: Arbitrary code execution via Cross-Site Scripting in html - CVE-2026-27136: XSS via html Render - CVE-2026-33814: DoS via malformed SETTINGS_MAX_FRAME_SIZE frame (HTTP/2) - CVE-2026-39821: Privilege escalation via incorrect Punycode label processing - CVE-2026-42502: XSS via html Render Signed-off-by: Wesley Hayutin <weshayutin@gmail.com>
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: weshayutin The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
Update the following dependencies to remediate security vulnerabilities: