Skip to content

VULN UPGRADE: major upgrades — 13 packages (major: 2 · unstable: 4 · minor: 3 · patch: 4) #387

Draft
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/major/go/2-1772726515
Draft

VULN UPGRADE: major upgrades — 13 packages (major: 2 · unstable: 4 · minor: 3 · patch: 4) #387
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/major/go/2-1772726515

Conversation

@campaigner-prod
Copy link

@campaigner-prod campaigner-prod bot commented Mar 5, 2026

Summary: High-severity security update — 13 packages upgraded (MAJOR changes included)

Manifests changed:

  • . (go)

Updates

Package From To Type Vulnerabilities Fixed
github.com/docker/compose/v2 v2.40.2 v5.1.0 major 1 HIGH
gocloud.dev v0.43.0 v0.44.0 unstable -
k8s.io/api v0.32.3 v0.35.1 unstable -
k8s.io/apimachinery v0.32.3 v0.35.2 unstable -
k8s.io/client-go v0.32.3 v1.5.2 major -
sigs.k8s.io/controller-runtime v0.20.2 v0.23.1 unstable -
github.com/aws/aws-sdk-go-v2/config v1.29.17 v1.32.10 minor -
github.com/aws/aws-sdk-go-v2/service/s3 v1.84.0 v1.96.2 minor -
google.golang.org/grpc v1.74.2 v1.79.1 minor -
github.com/compose-spec/compose-go/v2 v2.9.0 v2.9.1 patch -
github.com/spf13/cobra v1.10.1 v1.10.2 patch -
go.uber.org/zap v1.27.0 v1.27.1 patch -
google.golang.org/protobuf v1.36.9 v1.36.11 patch -

Packages marked with "-" are updated due to dependency constraints.

⚠️ Constraint Violations Detected

The following version constraints in your dependency declarations will be violated by this update. This may cause build failures or require manual constraint updates:

Package Current Constraint Updated To
github.com/compose-spec/compose-go/v2 v2.10.1 v2.9.1

Action Required: Update your dependency constraints before merging this PR to avoid build failures.

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

  • Review the changelog/release notes for breaking changes
  • Test thoroughly in a staging environment
  • Update any code that depends on changed APIs
  • Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (1 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
github.com/docker/compose/v2 GHSA-p436-gjf2-799p HIGH Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows v2.40.2 -

Review Checklist

Extra review is recommended for this update:

  • Review changes for compatibility with your code
  • Check release notes for breaking changes
  • Run integration tests to verify service behavior
  • Test in staging environment before production
  • Update dependency constraints in your manifest files
  • Monitor key metrics after deployment

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-go adms-high-severity adms-major-update adms-mode-all-updates campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants