Skip to content

fix(deps): bump otel, x/sys, protobuf for open Dependabot alerts#74

Open
sezaakgun wants to merge 1 commit into
developfrom
ai-cve-patcher
Open

fix(deps): bump otel, x/sys, protobuf for open Dependabot alerts#74
sezaakgun wants to merge 1 commit into
developfrom
ai-cve-patcher

Conversation

@sezaakgun

Copy link
Copy Markdown
Collaborator

Summary

Bumps three Go dependencies in the insrequester module to their Dependabot-recommended fixed versions (this was the only module in the repo referencing the vulnerable versions):

Package Before After
go.opentelemetry.io/otel (+ /trace, /metric) v1.40.0 v1.41.0
golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40 v0.0.0-20220412211240-33da011f77ad
google.golang.org/protobuf v1.26.0-rc.1 v1.33.0

github.com/golang/protobuf was also bumped transitively (v1.4.3 -> v1.5.0) as a go mod tidy side effect of the protobuf bump.

Other modules checked: inssentry already has golang.org/x/sys at v0.6.0 (already above the fixed version, no change needed). insrequester/v3 already has otel at v1.43.0 (already above fixed version, no change needed).

Evidence

  • go build ./... — success
  • go test ./... — 9 passed in 1 packages
  • go mod tidy — clean

Test plan

  • go build ./... in insrequester
  • go test ./... in insrequester

- go.opentelemetry.io/otel: v1.40.0 -> v1.41.0
- golang.org/x/sys: v0.0.0-20210603081109-ebe580a85c40 -> v0.0.0-20220412211240-33da011f77ad
- google.golang.org/protobuf: v1.26.0-rc.1 -> v1.33.0

Applied to insrequester module (only module referencing these outdated versions).
@sezaakgun sezaakgun requested a review from rafet as a code owner July 2, 2026 11:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants