Skip to content

Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /internal/tests#258

Merged
carlydf merged 3 commits intomainfrom
dependabot/go_modules/internal/tests/github.com/go-jose/go-jose/v4-4.1.4
Apr 25, 2026
Merged

Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /internal/tests#258
carlydf merged 3 commits intomainfrom
dependabot/go_modules/internal/tests/github.com/go-jose/go-jose/v4-4.1.4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 3, 2026
edited
Loading

Bumps github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4.

Release notes

Sourced from github.com/go-jose/go-jose/v4's releases.

v4.1.4

What's Changed

Fixes Panic in JWE decryption. See GHSA-78h2-9frx-2jm8

Full Changelog: go-jose/go-jose@v4.1.3...v4.1.4

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 3, 2026
@dependabot dependabot Bot requested review from a team and jlegrone as code owners April 3, 2026 04:00
@dependabot
Bump github.com/go-jose/go-jose/v4 in /internal/tests
dab75f8 
Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Commits](go-jose/go-jose@v4.1.3...v4.1.4)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-version: 4.1.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/internal/tests/github.com/go-jose/go-jose/v4-4.1.4 branch from b5148b0 to dab75f8 Compare April 24, 2026 19:04
@carlydf carlydf enabled auto-merge (squash) April 25, 2026 00:48
@carlydf
Merge branch 'main' of github.com:temporalio/temporal-worker-controll…
9b6fd41 
…er into dependabot/go_modules/internal/tests/github.com/go-jose/go-jose/v4-4.1.4
@carlydf carlydf merged commit 35371a9 into main Apr 25, 2026
17 checks passed
@carlydf carlydf deleted the dependabot/go_modules/internal/tests/github.com/go-jose/go-jose/v4-4.1.4 branch April 25, 2026 01:36
shashwatsuri pushed a commit to shashwatsuri/temporal-worker-controller that referenced this pull request Apr 28, 2026
@dependabot @carlydf
Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /internal/t…
41ea6ec 
…ests (temporalio#258)

Bumps
[github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from
4.1.3 to 4.1.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-jose/go-jose/releases">github.com/go-jose/go-jose/v4's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.4</h2>
<h2>What's Changed</h2>
<p>Fixes Panic in JWE decryption. See <a
href="https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8">https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8</a></p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4">https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9"><code>0e59876</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215"><code>ddffdbc</code></a>
Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/go-jose/go-jose/issues/213">#213</a>)</li>
<li>See full diff in <a
href="https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4">compare
view</a></li>
</ul>
</details>
<br />

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carly de Frondeville <cdefrondeville@berkeley.edu>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@carlydf carlydf carlydf approved these changes

@jlegrone jlegrone Awaiting requested review from jlegrone jlegrone is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@carlydf