Update vulnerable dependencies #171

Merged: tamalsaha merged 1 commit into master from fix-dependabot-vulns on Jun 21, 2026
@tamalsaha (Contributor)

Resolves open Dependabot security alerts by bumping transitive dependencies to their first patched versions:

| Package | From | To | Advisory |
| --- | --- | --- | --- |
| github.com/containerd/containerd | v1.7.29 | v1.7.32 | GHSA-fqw6-gf59-qr4w / CVE-2026-46680 (high) |
| github.com/moby/spdystream | v0.5.0 | v0.5.1 | GHSA-h67p-54hq-rp68-class (high) |

`go mod tidy && go mod vendor` run; `go build ./...` passes.

Fixes Dependabot security alerts:
- github.com/containerd/containerd v1.7.29 => v1.7.32 (GHSA-fqw6-gf59-qr4w / CVE-2026-46680)
- github.com/moby/spdystream v0.5.0 => v0.5.1 (GHSA-... high severity)

Signed-off-by: Tamal Saha <tamal@appscode.com>
@tamalsaha tamalsaha merged commit 6840206 into master Jun 21, 2026
4 checks passed
@tamalsaha tamalsaha deleted the fix-dependabot-vulns branch June 21, 2026 09:56
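
One way to confirm that a bump like the one described in this PR took effect, as an added example that is not part of the pull request or the project's code: a POSIX shell check that reads `vendor/modules.txt` and compares the two modules against the "To" versions in the table. The function names, status words and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm vendor/modules.txt meets the patched floors from the PR table.
FLOORS='github.com/containerd/containerd v1.7.32
github.com/moby/spdystream v0.5.1'

# ver_ge A B: succeed when A >= B for vMAJOR.MINOR.PATCH versions. A version with a
# "-suffix" (pre-release or pseudo-version) ranks below its own base release.
ver_ge() {
    a=${1#v}; b=${2#v}
    case $a in *-*) a_pre=1 ;; *) a_pre=0 ;; esac
    a=${a%%[-+]*}; b=${b%%[-+]*}
    for i in 1 2 3; do
        x=${a%%.*}; y=${b%%.*}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        a=${a#*.}; b=${b#*.}
    done
    [ "$a_pre" -eq 0 ]
}

# vendored_version FILE MODULE: print the version recorded on the "# module version" line.
vendored_version() {
    awk -v m="$2" '$1 == "#" && $2 == m {
        v = $3
        if ($4 == "=>" && NF >= 6) v = $6   # replace directive: the replacement is what gets built
        print v; exit
    }' "$1"
}

# check_vendor FILE: one status line per module; non-zero if any is absent or below its floor.
check_vendor() {
    failed=0
    while read -r mod floor; do
        have=$(vendored_version "$1" "$mod")
        if [ -z "$have" ]; then echo "ABSENT $mod"; failed=1
        elif ver_ge "$have" "$floor"; then echo "OK $mod $have"
        else echo "BELOW $mod $have < $floor"; failed=1
        fi
    done <<EOF
$FLOORS
EOF
    return "$failed"
}

# demo: run the check on a constructed pre-bump modules.txt (versions from the "From" column).
demo() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '# github.com/containerd/containerd v1.7.29' '## explicit; go 1.21' \
        '# github.com/moby/spdystream v0.5.0' '## explicit; go 1.13' \
        'github.com/moby/spdystream' > "$tmp"
    st=0; check_vendor "$tmp" || st=$?
    rm -f "$tmp"
    return "$st"
}
```

From the repository root after `go mod vendor`, `check_vendor vendor/modules.txt` returns non-zero if either module is absent or below its floor, so it can gate a CI step.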