
fix(deps): vuln minor upgrades — 14 packages (minor: 6 · patch: 8) [test/e2e]#2927

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into main from engraver-auto-version-upgrade/minorpatch/go/e2e/1-1776958159

Conversation

@gh-worker-campaigns-3e9aa4
Contributor

Summary: High-severity security update — 14 packages upgraded (MINOR changes included)

Manifests changed:

  • test/e2e (go)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

| Package | From | To | Type | Dep Type | Vulnerabilities Fixed |
|---|---|---|---|---|---|
| github.com/moby/spdystream | v0.5.0 | v0.5.1 | patch | Transitive | 1 HIGH |
| github.com/go-git/go-git/v5 | v5.16.5 | v5.18.0 | minor | Transitive | 2 MODERATE, 2 MEDIUM, 3 LOW |
| github.com/aws/aws-sdk-go-v2/service/s3 | v1.93.1 | v1.99.1 | minor | Transitive | 1 MODERATE |
| helm.sh/helm/v3 | v3.18.5 | v3.20.2 | minor | Transitive | 1 MODERATE |
| github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream | v1.7.4 | v1.7.9 | patch | Transitive | 1 MODERATE |
| github.com/DataDog/datadog-operator | v1.24.0 | v1.25.0 | minor | Direct | - |
| github.com/pulumi/pulumi-kubernetes/sdk/v4 | v4.28.0 | v4.29.0 | minor | Direct | - |
| github.com/pulumi/pulumi/sdk/v3 | v3.228.0 | v3.231.0 | minor | Direct | - |
| github.com/DataDog/datadog-agent/test/e2e-framework | v0.78.0-devel | v0.78.0 | patch | Direct | - |
| github.com/DataDog/datadog-agent/test/fakeintake | v0.78.0-devel | v0.78.0 | patch | Direct | - |
| github.com/aws/aws-sdk-go-v2 | v1.41.5 | v1.41.6 | patch | Direct | - |
| github.com/aws/aws-sdk-go-v2/config | v1.32.13 | v1.32.16 | patch | Direct | - |
| github.com/aws/aws-sdk-go-v2/service/cloudformation | v1.71.9 | v1.71.10 | patch | Direct | - |
| k8s.io/cli-runtime | v0.35.3 | v0.35.4 | patch | Direct | - |

Packages marked with "-" are updated due to dependency constraints.


Security Details

🚨 Critical & High Severity (1 fixed)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| github.com/moby/spdystream | GHSA-pc3f-x583-g7j2 | HIGH | SpdyStream: DOS on CRI | v0.5.0 | 0.5.1 |
ℹ️ Other Vulnerabilities (10)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| github.com/go-git/go-git/v5 | GO-2026-4910 | medium | Maliciously crafted idx file can cause asymmetric memory consumption in github.com/go-git/go-git | v5.16.5 | 5.17.1 |
| github.com/go-git/go-git/v5 | CVE-2026-34165 | medium | go-git: Maliciously crafted idx file can cause asymmetric memory consumption | v5.16.5 | - |
| github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream | GHSA-xmrv-pmrh-hhx2 | MODERATE | Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder | v1.7.4 | 1.7.8 |
| github.com/aws/aws-sdk-go-v2/service/s3 | GHSA-xmrv-pmrh-hhx2 | MODERATE | Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder | v1.93.1 | 1.97.3 |
| github.com/go-git/go-git/v5 | GHSA-jhf3-xxhw-2wpp | MODERATE | go-git: Maliciously crafted idx file can cause asymmetric memory consumption | v5.16.5 | 5.17.1 |
| github.com/go-git/go-git/v5 | GHSA-3xc5-wrhm-f963 | MODERATE | go-git: Credential leak via cross-host redirect in smart HTTP transport | v5.16.5 | 5.18.0 |
| helm.sh/helm/v3 | GHSA-hr2v-4r36-88hr | MODERATE | Helm Chart extraction output directory collapse via Chart.yaml name dot-segment | v3.18.5 | 3.20.2 |
| github.com/go-git/go-git/v5 | GHSA-gm2x-2g9h-ccm8 | LOW | go-git missing validation decoding Index v4 files leads to panic | v5.16.5 | 5.17.1 |
| github.com/go-git/go-git/v5 | CVE-2026-33762 | LOW | go-git: Missing validation decoding Index v4 files leads to panic | v5.16.5 | - |
| github.com/go-git/go-git/v5 | GO-2026-4909 | LOW | Missing validation decoding Index v4 files leads to panic in github.com/go-git/go-git | v5.16.5 | 5.17.1 |

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System
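The tables above claim that, once this PR lands, every affected module in test/e2e resolves at or above its "Fixed In" version. What follows is an added example, not code from this repository or from the bot, of a small Go checker that reads go.mod text (or the output of `go list -m all`) and reports any listed module still below that floor. The module names and fixed versions are taken from the PR body; the go.mod excerpts embedded in it are constructed from the From/To columns of the Updates table; the function names are assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Highest "Fixed In" version per vulnerable module from the PR's advisory table
// (go-git lists 5.17.1 and 5.18.0 across its advisories, so 5.18.0 is the bar).
var minFixed = map[string]string{
	"github.com/moby/spdystream":                            "v0.5.1",
	"github.com/go-git/go-git/v5":                           "v5.18.0",
	"github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream": "v1.7.8",
	"github.com/aws/aws-sdk-go-v2/service/s3":               "v1.97.3",
	"helm.sh/helm/v3":                                       "v3.20.2",
}

// Constructed go.mod excerpts (not the repository's file); versions are the From/To columns of the PR table.
const preUpgradeGoMod = `require (
	github.com/DataDog/datadog-agent/test/e2e-framework v0.78.0-devel
	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 // indirect
	github.com/go-git/go-git/v5 v5.16.5 // indirect
	github.com/moby/spdystream v0.5.0 // indirect
	helm.sh/helm/v3 v3.18.5 // indirect
)
require github.com/aws/aws-sdk-go-v2/service/s3 v1.93.1 // indirect
`
const postUpgradeGoMod = `require (
	github.com/DataDog/datadog-agent/test/e2e-framework v0.78.0
	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.9 // indirect
	github.com/go-git/go-git/v5 v5.18.0 // indirect
	github.com/moby/spdystream v0.5.1 // indirect
	helm.sh/helm/v3 v3.20.2 // indirect
)
require github.com/aws/aws-sdk-go-v2/service/s3 v1.99.1 // indirect
`

// parseModuleVersions reads go.mod text or `go list -m all` output into
// module path -> version; lines that are not a "path vX.Y.Z" pair are skipped.
func parseModuleVersions(text string) map[string]string {
	out := map[string]string{}
	for _, raw := range strings.Split(text, "\n") {
		line, _, _ := strings.Cut(raw, "//") // drop "// indirect" and comments
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || !strings.HasPrefix(f[1], "v") || f[0] == "exclude" {
			continue
		}
		if len(f) >= 4 && f[2] == "=>" && strings.HasPrefix(f[len(f)-1], "v") {
			f[1] = f[len(f)-1] // replaced module (go list -m all): the replacement is what builds
		}
		out[f[0]] = f[1]
	}
	return out
}

// compareVersion returns <0, 0 or >0, ordering by numeric major.minor.patch, then a release
// above its own prerelease (v0.78.0-devel < v0.78.0); tags compare as plain strings (simplified).
func compareVersion(a, b string) int {
	split := func(v string) (n [3]int, pre string) {
		v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "+") // drop +incompatible
		v, pre, _ = strings.Cut(v, "-")                         // split off prerelease
		for i, p := range strings.SplitN(v, ".", 3) {
			n[i], _ = strconv.Atoi(p)
		}
		return n, pre
	}
	an, apre := split(a)
	bn, bpre := split(b)
	for i := range an {
		if d := an[i] - bn[i]; d != 0 {
			return d
		}
	}
	switch {
	case apre == bpre:
		return 0
	case apre == "" || bpre == "":
		return strings.Compare(bpre, apre) // the untagged side is the release
	}
	return strings.Compare(apre, bpre)
}

// checkModules lists each vulnerable module still below its floor, sorted; empty means the upgrade is effective.
func checkModules(text string) []string {
	have := parseModuleVersions(text)
	var below []string
	for mod, floor := range minFixed {
		if got, ok := have[mod]; ok && compareVersion(got, floor) < 0 {
			below = append(below, fmt.Sprintf("%s %s < %s", mod, got, floor))
		}
	}
	sort.Strings(below)
	return below
}

func main() {
	fmt.Println("before:", checkModules(preUpgradeGoMod))
	fmt.Println("after: ", checkModules(postUpgradeGoMod))
}
```

To check the real branch rather than the embedded excerpts, feed `checkModules` the output of `go list -m all` run inside test/e2e: that is the resolved build graph, including transitive modules and replace directives, whereas go.mod alone may not show what actually links. The bar for go-git is deliberately 5.18.0 and not 5.17.1: the idx-file advisories are fixed in 5.17.1, but GHSA-3xc5-wrhm-f963 (credential leak via cross-host redirect in the smart HTTP transport) is only fixed in 5.18.0, so a graph that clears the lower floor would still be exposed.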


@codecov-commenter

codecov-commenter commented Apr 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 40.69%. Comparing base (0dcbf67) to head (db17309).

Additional details and impacted files


@@           Coverage Diff           @@
##             main    #2927   +/-   ##
=======================================
  Coverage   40.69%   40.69%           
=======================================
  Files         321      321           
  Lines       28413    28413           
=======================================
  Hits        11563    11563           
  Misses      16015    16015           
  Partials      835      835           
| Flag | Coverage Δ |
|---|---|
| unittests | 40.69% <ø> (ø) |

Flags with carried forward coverage won't be shown.



Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0dcbf67...db17309.

