Commit dd4e595
![probelabs[bot]](https://avatars.githubusercontent.com/in/1543721?v=4&size=40){kind=avatar}
### **User description**
[TT-16142] fix CVEs for v5.10.1 (#7543)
<!-- Provide a general summary of your changes in the Title above -->
## Description
<!-- Describe your changes in detail -->
## Related Issue
<!-- This project only accepts pull requests related to open issues. -->
<!-- If suggesting a new feature or change, please discuss it in an
issue first. -->
<!-- If fixing a bug, there should be an issue describing it with steps
to reproduce. -->
<!-- OSS: Please link to the issue here. Tyk: please create/link the
JIRA ticket. -->
## Motivation and Context
<!-- Why is this change required? What problem does it solve? -->
## How This Has Been Tested
<!-- Please describe in detail how you tested your changes -->
<!-- Include details of your testing environment, and the tests -->
<!-- you ran to see how your change affects other areas of the code,
etc. -->
<!-- This information is helpful for reviewers and QA. -->
## Screenshots (if appropriate)
## Types of changes
<!-- What types of changes does your code introduce? Put an `x` in all
the boxes that apply: -->
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] Refactoring or add test (improvements in base code or adds test
coverage to functionality)
## Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply -->
<!-- If there are no documentation updates required, mark the item as
checked. -->
<!-- Raise up any additional concerns not covered by the checklist. -->
- [ ] I ensured that the documentation is up to date
- [ ] I explained why this PR updates go.mod in detail with reasoning
why it's required
- [ ] I would like a code coverage CI quality gate exception and have
explained why
<!---TykTechnologies/jira-linter starts here-->
### Ticket Details
<details>
<summary>
<a href="https://tyktech.atlassian.net/browse/TT-16142" title="TT-16142"
target="_blank">TT-16142</a>
</summary>
| | |
|---------|----|
| Status | Open |
| Summary | High CVE's on 5.10.1 release |
Generated at: 2025-11-18 09:19:48
</details>
<!---TykTechnologies/jira-linter ends here-->
[TT-16142]:
https://tyktech.atlassian.net/browse/TT-16142?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
___
### **PR Type**
Enhancement, Bug fix
___
### **Description**
- Bump `runc` to v1.3.3 to address CVEs
- Upgrade `jose2go` to v1.8.0 security release
- Update `protobuf` to v1.36.5 patch
- Refresh go.sum to match new versions
___
### Diagram Walkthrough
```mermaid
flowchart LR
deps["Dependency versions"]
runc["opencontainers/runc v1.1.14 -> v1.3.3"]
jose["dvsekhvalnov/jose2go v1.6.0 -> v1.8.0"]
proto["google.golang.org/protobuf v1.36.4 -> v1.36.5"]
sum["go.sum updated"]
deps -- "upgrade" --> runc
deps -- "upgrade" --> jose
deps -- "upgrade" --> proto
runc -- "reflect in" --> sum
jose -- "reflect in" --> sum
proto -- "reflect in" --> sum
```
<details> <summary><h3> File Walkthrough</h3></summary>
<table><thead><tr><th></th><th align="left">Relevant
files</th></tr></thead><tbody><tr><td><strong>Dependencies</strong></td><td><table>
<tr>
<td>
<details>
<summary><strong>go.mod</strong><dd><code>Bump security-sensitive
dependencies in go.mod</code>
</dd></summary>
<hr>
go.mod
<ul><li>Upgrade <code>google.golang.org/protobuf</code> to v1.36.5.<br>
<li> Bump <code>github.com/dvsekhvalnov/jose2go</code> to v1.8.0
(indirect).<br> <li> Bump <code>github.com/opencontainers/runc</code> to
v1.3.3 (indirect).</ul>
</details>
</td>
<td><a
href="https://github.com/TykTechnologies/tyk/pull/7547/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6">+3/-3</a>
</td>
</tr>
<tr>
<td>
<details>
<summary><strong>go.sum</strong><dd><code>Refresh go.sum for upgraded
dependencies</code>
</dd></summary>
<hr>
go.sum
<ul><li>Update checksums for <code>jose2go</code> v1.8.0.<br> <li>
Update checksums for <code>runc</code> v1.3.3.<br> <li> Update checksums
for <code>protobuf</code> v1.36.5.</ul>
</details>
</td>
<td><a
href="https://github.com/TykTechnologies/tyk/pull/7547/files#diff-3295df7234525439d778f1b282d146a4f1ff6b415248aaac074e8042d9f42d63">+6/-6</a>
</td>
</tr>
</table></td></tr></tr></tbody></table>
</details>
___
Co-authored-by: andrei-tyk <97896463+andrei-tyk@users.noreply.github.com>
1 parent b84c70a commit dd4e595
2 files changed
Lines changed: 9 additions & 9 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
79 | 79 | | |
80 | 80 | | |
81 | 81 | | |
82 | | - | |
| 82 | + | |
83 | 83 | | |
84 | 84 | | |
85 | 85 | | |
| |||
280 | 280 | | |
281 | 281 | | |
282 | 282 | | |
283 | | - | |
| 283 | + | |
284 | 284 | | |
285 | 285 | | |
286 | 286 | | |
| |||
435 | 435 | | |
436 | 436 | | |
437 | 437 | | |
438 | | - | |
| 438 | + | |
439 | 439 | | |
440 | 440 | | |
441 | 441 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1180 | 1180 | | |
1181 | 1181 | | |
1182 | 1182 | | |
1183 | | - | |
1184 | | - | |
| 1183 | + | |
| 1184 | + | |
1185 | 1185 | | |
1186 | 1186 | | |
1187 | 1187 | | |
| |||
2035 | 2035 | | |
2036 | 2036 | | |
2037 | 2037 | | |
2038 | | - | |
2039 | | - | |
| 2038 | + | |
| 2039 | + | |
2040 | 2040 | | |
2041 | 2041 | | |
2042 | 2042 | | |
| |||
3272 | 3272 | | |
3273 | 3273 | | |
3274 | 3274 | | |
3275 | | - | |
3276 | | - | |
| 3275 | + | |
| 3276 | + | |
3277 | 3277 | | |
3278 | 3278 | | |
3279 | 3279 | | |
| |||
0 commit comments