Skip to content

VULN UPGRADE: minor upgrades — 17 packages (minor: 13 · patch: 4) [sticker-award]#233

Closed
campaigner-prod[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/go/sticker-award/1-1773078461
Closed

VULN UPGRADE: minor upgrades — 17 packages (minor: 13 · patch: 4) [sticker-award]#233
campaigner-prod[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/go/sticker-award/1-1773078461

Conversation

@campaigner-prod

Copy link
Copy Markdown
Contributor

Summary: High-severity security update — 17 packages upgraded (MINOR changes included)

Manifests changed:

  • sticker-award (go)

Updates

Package From To Type Vulnerabilities Fixed
github.com/golang-jwt/jwt/v5 v5.2.1 v5.2.3 patch 3 HIGH
github.com/DataDog/dd-trace-go/contrib/IBM/sarama/v2 v2.2.2 v2.6.0 minor -
github.com/DataDog/dd-trace-go/contrib/gin-gonic/gin/v2 v2.2.2 v2.6.0 minor -
github.com/DataDog/dd-trace-go/contrib/gorm.io/gorm.v1/v2 v2.2.2 v2.6.0 minor -
github.com/DataDog/dd-trace-go/contrib/net/http/v2 v2.2.2 v2.6.0 minor -
github.com/DataDog/dd-trace-go/contrib/sirupsen/logrus/v2 v2.2.2 v2.6.0 minor -
github.com/DataDog/dd-trace-go/v2 v2.2.2 v2.6.0 minor -
github.com/MicahParks/keyfunc/v3 v3.3.5 v3.8.0 minor -
github.com/aws/aws-sdk-go-v2 v1.39.5 v1.41.2 minor -
github.com/aws/aws-sdk-go-v2/config v1.31.16 v1.32.10 minor -
github.com/gin-gonic/gin v1.9.1 v1.12.0 minor -
github.com/go-playground/validator/v10 v10.15.5 v10.30.1 minor -
github.com/golang-migrate/migrate/v4 v4.16.2 v4.19.1 minor -
github.com/spf13/viper v1.17.0 v1.21.0 minor -
github.com/aws/aws-sdk-go-v2/service/eventbridge v1.45.9 v1.45.19 patch -
github.com/aws/aws-sdk-go-v2/service/sqs v1.42.12 v1.42.22 patch -
gorm.io/gorm v1.30.1 v1.30.5 patch -

Packages marked with "-" are updated due to dependency constraints.


Security Details

🚨 Critical & High Severity (3 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
github.com/golang-jwt/jwt/v5 GO-2025-3553 high Excessive memory allocation during header parsing in github.com/golang-jwt/jwt v5.2.1 5.2.2
github.com/golang-jwt/jwt/v5 CVE-2025-30204 high jwt-go allows excessive memory allocation during header parsing v5.2.1 -
github.com/golang-jwt/jwt/v5 GHSA-mh63-6h87-95cp HIGH jwt-go allows excessive memory allocation during header parsing v5.2.1 5.2.2

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

@scottgerring

Copy link
Copy Markdown
Member

Out of date

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant