Dependency Update: GO-2025-3553 & GO-2025-3533 #36

@ole-gensch-csw

I would like to propose updating the dependencies of this module.
A govulncheck test returns the following two vulnerabilities:

=== Symbol Results ===

Vulnerability #1: GO-2025-3553
    Excessive memory allocation during header parsing in
    github.com/golang-jwt/jwt
  More info: https://pkg.go.dev/vuln/GO-2025-3553
  Module: github.com/golang-jwt/jwt
    Found in: github.com/golang-jwt/jwt@v3.2.2+incompatible
    Fixed in: N/A
    Example traces found:
      #1: oapi_validate.go:31:2: echo.init calls middleware.init, which calls jwt.init

Vulnerability #2: GO-2025-3533
    Improper Handling of Highly Compressed Data (Data Amplification) in
    github.com/getkin/kin-openapi/openapi3filter
  More info: https://pkg.go.dev/vuln/GO-2025-3533
  Module: github.com/getkin/kin-openapi
    Found in: github.com/getkin/kin-openapi@v0.124.0
    Fixed in: github.com/getkin/kin-openapi@v0.131.0
    Example traces found:
      #1: oapi_validate.go:147:38: echo.ValidateRequestFromContext calls openapi3filter.ValidateRequest

Your code is affected by 2 vulnerabilities from 2 modules.
This scan also found 0 vulnerabilities in packages you import and 10
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
