Skip to content

fix(deps): vuln minor upgrades — 6 packages (minor: 5 · patch: 1) #20

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/go/0-1778178471
Draft

fix(deps): vuln minor upgrades — 6 packages (minor: 5 · patch: 1) #20
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/go/0-1778178471

Conversation

@gh-worker-campaigns-3e9aa4
Copy link
Copy Markdown

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented May 7, 2026

Summary: Critical-severity security update — 6 packages upgraded (MINOR changes included)

Manifests changed:

  • . (go)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
google.golang.org/grpc v1.65.0 v1.81.0 minor Transitive 3 CRITICAL
github.com/sirupsen/logrus v1.4.1 v1.9.4 minor Direct 3 HIGH
github.com/golang-jwt/jwt/v5 v5.2.1 v5.2.3 patch Transitive 3 HIGH
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 v1.7.10 minor Transitive 1 MODERATE
github.com/aws/aws-sdk-go-v2/service/lambda v1.56.1 v1.90.1 minor Transitive 1 MODERATE
github.com/aws/aws-sdk-go-v2/service/s3 v1.58.0 v1.100.1 minor Transitive 1 MODERATE

Security Details

🚨 Critical & High Severity (9 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
google.golang.org/grpc GHSA-p77j-4mvh-x3m3 CRITICAL gRPC-Go has an authorization bypass via missing leading slash in :path v1.65.0 1.79.3
google.golang.org/grpc CVE-2026-33186 CRITICAL gRPC-Go has an authorization bypass via missing leading slash in :path v1.65.0 -
google.golang.org/grpc GO-2026-4762 CRITICAL Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc v1.65.0 1.79.3
github.com/golang-jwt/jwt/v5 GO-2025-3553 high Excessive memory allocation during header parsing in github.com/golang-jwt/jwt v5.2.1 5.2.2
github.com/golang-jwt/jwt/v5 GHSA-mh63-6h87-95cp HIGH jwt-go allows excessive memory allocation during header parsing v5.2.1 5.2.2
github.com/golang-jwt/jwt/v5 CVE-2025-30204 high jwt-go allows excessive memory allocation during header parsing v5.2.1 -
github.com/sirupsen/logrus GO-2025-4188 high Logrus is vulnerable to DoS when using Entry.writerScanner in github.com/sirupsen/logrus v1.4.1 1.8.3
github.com/sirupsen/logrus GHSA-4f99-4q7p-p3gh HIGH Logrus is vulnerable to DoS when using Entry.Writer() v1.4.1 1.8.3
github.com/sirupsen/logrus CVE-2025-65637 high - v1.4.1 -
ℹ️ Other Vulnerabilities (3)
Package CVE Severity Summary Unsafe Version Fixed In
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream GHSA-xmrv-pmrh-hhx2 MODERATE Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder v1.6.3 1.7.8
github.com/aws/aws-sdk-go-v2/service/lambda GHSA-xmrv-pmrh-hhx2 MODERATE Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder v1.56.1 1.88.5
github.com/aws/aws-sdk-go-v2/service/s3 GHSA-xmrv-pmrh-hhx2 MODERATE Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder v1.58.0 1.97.3

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation (Critical/High)

🤖 Generated by DataDog Automated Dependency Management System

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-critical-severity adms-dependency-update adms-go adms-high-severity adms-medium-severity adms-minor-update adms-mode-all-vulns campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants