chore(deps): update module golang.org/x/oauth2 to v0.27.0 [security] (release-0.34)#352
Conversation
Signed-off-by: redhat-renovate-bot <redhat-internal-renovate@redhat.com>
ℹ Artifact update noticeFile name: go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
redhat-renovate-bot
added
the
release-note-none
kubevirt-bot
added
the
dco-signoff: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: redhat-renovate-bot The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
We cannot upgrade Go version on this stable branch. |
Renovate Ignore NotificationBecause you closed this PR without merging, Renovate will ignore this update ( If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR. |
redhat-renovate-bot
deleted the
renovate/release-0.34-go-golang.org-x-oauth2-vulnerability
branch
3 participants
This PR contains the following updates:
v0.13.0->v0.27.0Unexpected memory consumption during token parsing in golang.org/x/oauth2
CVE-2025-22868 / GO-2025-3488
More information
Details
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.