Bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.6.7 to 1.7.8#1136
Conversation
4fbe5c9 to
358a8ac
Compare
Bumps [github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream](https://github.com/aws/aws-sdk-go-v2) from 1.6.7 to 1.7.8. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/rum/v1.6.7...service/m2/v1.7.8) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream dependency-version: 1.7.8 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
358a8ac to
0995e98
Compare
Kusari Analysis Results:
Both dependency and code security analyses independently recommend merging this PR. The dependency update remediates a known Medium severity DoS vulnerability (GHSA-xmrv-pmrh-hhx2) in github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream by upgrading from v1.6.7 to v1.7.8, which carries no active advisories. The accompanying smithy-go update (v1.22.1 to v1.24.2) introduces no new vulnerabilities. Both packages are well-maintained, carry permissive licenses (Apache-2.0, BSD-3-Clause), and are not deprecated. The code analysis returned zero findings across all categories — no code issues, no exposed secrets, and no workflow concerns. The scanned go.mod and go.sum files are clean. Merging this PR strictly improves the security posture of the repository with no new risk introduced. Note View full detailed analysis result for more information on the output and the checks that were run.
Found this helpful? Give it a 👍 or 👎 reaction! |
|
Kusari PR Analysis rerun based on - 0995e98 performed at: 2026-05-15T00:32:56Z - link to updated analysis |
|
Looks like github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream is up-to-date now, so this is no longer needed. |
|
Kusari PR Analysis rerun based on - 0995e98 performed at: 2026-05-15T00:59:42Z - link to updated analysis |
Bumps github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.6.7 to 1.7.8.
Commits
e3b97d2Release 2023-10-12863010dRegenerated Clients6946ef8Update endpoints model6d93dedUpdate API modelbebc232fix: fail to load config if configured profile doesn't exist (#2309)5de4674fix DNS timeout error not retried (#2300)e155bb7Release 2023-10-069d342baRegenerated Clients1df9914Update SDK's smithy-go dependency to v1.15.032ada3aUpdate API model