fix(deps): vuln patch upgrades — 4 packages (patch: 4) [test/e2e] #425

Closed
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into main from engraver-auto-version-upgrade/minorpatch/go/e2e/1-1776941218

Conversation

@gh-worker-campaigns-3e9aa4
Contributor

Summary: High-severity security update — 4 packages upgraded (patch changes only)

Manifests changed:

  • test/e2e (go)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

| Package | From | To | Type | Dep Type | Vulnerabilities Fixed |
|---|---|---|---|---|---|
| github.com/moby/spdystream | v0.5.0 | v0.5.1 | patch | Transitive | 1 HIGH |
| github.com/aws/aws-sdk-go | v1.55.7 | v1.55.8 | patch | Transitive | 2 MODERATE, 2 LOW |
| github.com/DataDog/test-infra-definitions | v0.0.4-0.20250804151413-3b64b3917189 | v0.0.6 | patch | Direct | - |
| github.com/cloudflare/circl | v1.6.1 | v1.6.3 | patch | Transitive | 3 LOW |

Packages marked with "-" are updated due to dependency constraints.


Security Details

🚨 Critical & High Severity (1 fixed)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| github.com/moby/spdystream | GHSA-pc3f-x583-g7j2 | HIGH | SpdyStream: DOS on CRI | v0.5.0 | 0.5.1 |

ℹ️ Other Vulnerabilities (7)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| github.com/aws/aws-sdk-go | GO-2022-0646 | MODERATE | CBC padding oracle issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go | v1.55.7 | - |
| github.com/aws/aws-sdk-go | GHSA-f5pg-7wfw-84q9 | MODERATE | CBC padding oracle issue in AWS S3 Crypto SDK for golang | v1.55.7 | 1.34.0 |
| github.com/aws/aws-sdk-go | GO-2022-0635 | LOW | In-band key negotiation issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go | v1.55.7 | - |
| github.com/aws/aws-sdk-go | GHSA-7f33-f4f5-xwgw | LOW | In-band key negotiation issue in AWS S3 Crypto SDK for golang | v1.55.7 | 1.34.0 |
| github.com/cloudflare/circl | GHSA-q9hv-hpm4-hj6x | LOW | CIRCL has an incorrect calculation in secp384r1 CombinedMult | v1.6.1 | 1.6.3 |
| github.com/cloudflare/circl | CVE-2026-1229 | LOW | - | v1.6.1 | - |
| github.com/cloudflare/circl | GO-2026-4550 | LOW | CIRCL has an incorrect calculation in secp384r1 CombinedMult in github.com/cloudflare/circl | v1.6.1 | 1.6.3 |

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System
