Skip to content

chore(deps): update security updates [security]#589

Merged
NumaryBot merged 1 commit intomainfrom
renovate/security
Apr 8, 2026
Merged

chore(deps): update security updates [security]#589
NumaryBot merged 1 commit intomainfrom
renovate/security

Conversation

@NumaryBot
Copy link
Copy Markdown
Contributor

@NumaryBot NumaryBot commented Apr 8, 2026

This PR contains the following updates:

Package Type Update Change
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream indirect patch v1.7.7 -> v1.7.8
github.com/aws/aws-sdk-go-v2/service/s3 require patch v1.97.1 -> v1.97.3

GitHub Vulnerability Alerts

GHSA-xmrv-pmrh-hhx2

CVSSv3.1 Rating: [Medium]
CVSSv3.1 Score: [5.9]
CVSSv3.1 Vector String: [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H]

Summary and Impact

An issue exists in the the EventStream header decoder in AWS SDK for Go v2 in versions predating 2026-03-23. An actor can send a malformed EventStream response frame containing a crafted header value type byte outside the valid range, which can cause the host process to terminate.

Impacted versions: < 2026-03-23

Patches

This issue has been addressed in versions 2026-03-23 and above. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.

Workarounds

Not Applicable

References

If you have any questions or comments about this advisory, we ask that you contact [AWS/Amazon] Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@NumaryBot NumaryBot requested review from a team as code owners April 8, 2026 03:14
@NumaryBot NumaryBot enabled auto-merge April 8, 2026 03:14
@NumaryBot
Copy link
Copy Markdown
Contributor Author

NumaryBot commented Apr 8, 2026

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 7 additional dependencies were updated

Details:

Package Change
github.com/aws/aws-sdk-go-v2 v1.41.4 -> v1.41.5
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.20 -> v1.4.21
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.20 -> v2.7.21
github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.21 -> v1.4.22
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.12 -> v1.9.13
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.20 -> v1.13.21
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.20 -> v1.19.21

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 8, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (2)
  • go.mod is excluded by !**/*.mod
  • go.sum is excluded by !**/*.sum, !**/*.sum

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fc31891a-c880-4de1-a471-79bcdafa20b5

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/security

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 8, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 28.60%. Comparing base (76a1a54) to head (0a7b2e6).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #589   +/-   ##
=======================================
  Coverage   28.60%   28.60%           
=======================================
  Files         180      180           
  Lines        7190     7190           
=======================================
  Hits         2057     2057           
  Misses       5019     5019           
  Partials      114      114

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@NumaryBot NumaryBot added this pull request to the merge queue Apr 8, 2026
Merged via the queue into main with commit 99c2521 Apr 8, 2026
10 of 12 checks passed
@NumaryBot NumaryBot deleted the renovate/security branch April 8, 2026 07:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fguery fguery fguery approved these changes

Assignees

No one assigned

Labels

security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NumaryBot @fguery