Skip to content

What is the process of security vulnerabilities, v3.6.5 has CVE-2025-29786 for github.com/expr-lang/expr:1.16.9 and CVE-2025-30204 for github.com/golang-jwt/jwt/v5:5.2.1 #14343

Answered by tczhao
pkmmann asked this question in Q&A
What is the process of security vulnerabilities, v3.6.5 has CVE-2025-29786 for github.com/expr-lang/expr:1.16.9 and CVE-2025-30204 for github.com/golang-jwt/jwt/v5:5.2.1 #14343
@pkmmann pkmmann
Apr 1, 2025 · 1 comments · 3 replies
Answered by tczhao Return to top
Discussion options

pkmmann
Apr 1, 2025

You must be logged in to vote
Answered by tczhao Apr 1, 2025

If it's a direct dependency, we will have dependentbot raise the PR and auto merge #14307
Looks like something failed, will fix it
for indirect dependency, we will have to wait for the parent package made the fix first.
Security fixes will get included in the next release

View full answer

Replies: 1 comment 3 replies

Comment options

tczhao
Apr 1, 2025
Collaborator

You must be logged in to vote
3 replies
@pkmmann
Comment options

pkmmann Apr 1, 2025
Author

@tczhao
Comment options

tczhao Apr 4, 2025
Collaborator

@pkmmann
Comment options

pkmmann Apr 7, 2025
Author

Answer selected by pkmmann
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants
@pkmmann @tczhao