Skip to content

Bump github.com/moby/spdystream to v0.5.1 (GHSA-pc3f-x583-g7j2)#98

Merged
tamalsaha merged 1 commit into
masterfrom
fix-spdystream-cve
Jun 19, 2026
Merged

Bump github.com/moby/spdystream to v0.5.1 (GHSA-pc3f-x583-g7j2)#98
tamalsaha merged 1 commit into
masterfrom
fix-spdystream-cve

Conversation

@tamalsaha

Copy link
Copy Markdown
Contributor

Bumps github.com/moby/spdystream from v0.5.0 to the patched v0.5.1.

Fixes Dependabot alert GHSA-pc3f-x583-g7j2 (high severity) — SpdyStream DoS on CRI. The vulnerable range is <= 0.5.0; the dependency is pulled in transitively. Updated go.mod, go.sum, and vendored sources via go get .../spdystream@v0.5.1 && go mod tidy && go mod vendor. Builds clean.

Fixes GHSA-pc3f-x583-g7j2 (high): SpdyStream DoS on CRI. The vulnerable
version <= v0.5.0 is pulled in transitively; bump to the patched v0.5.1.

Signed-off-by: Tamal Saha <tamal@appscode.com>
@tamalsaha tamalsaha merged commit a675fec into master Jun 19, 2026
3 checks passed
@tamalsaha tamalsaha deleted the fix-spdystream-cve branch June 19, 2026 06:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant