[TT-16932] [Critical Fix 5.12.1 / 5.8.13] CVE fixes #8024
Merged
buger merged 2 commits into release-5.8.13 from Apr 17, 2026
Contributor
Failed to generate code suggestions for PR
Contributor
API Changes: no api changes detected
buraksezer approved these changes Apr 17, 2026
buger added a commit that referenced this pull request Apr 17, 2026
- CVE-2026-34986: bump go-jose/v4 v4.0.5 -> v4.1.4
- CVE-2026-39883: bump otel/sdk v1.40.0 -> v1.43.0 (via TykTechnologies/opentelemetry v0.0.25)
- Also bumps go directive 1.24.6 -> 1.25.0 (matching base branch release-5.8.13)

Consolidating all CVE fixes into single PR #8024.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
🚨 Jira Linter Failed
Commit:
The Jira linter failed to validate your PR. Please check the error details below:
Next Steps
This comment will be automatically deleted once the linter passes.

Description
This PR addresses the following CVEs for release-5.8.13:
[CVE-2026-34986] go-jose/v3 -> Updated to v3.0.5 ✅
[CVE-2026-34986] go-jose/v4 -> Updated to v4.1.4 ✅
[CVE-2026-39883] otel/sdk -> Updated to v1.43.0 (via TykTechnologies/opentelemetry v0.0.25) ✅
Note: go directive bumped 1.24.6 -> 1.25.0 to match the base branch (release-5.8.13 is already on go 1.25).
Related Issue
TT-16932
Test Plan
go build ./... passes