Skip to content

Bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.6.7 to 1.7.8#1136

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream-1.7.8
Closed

Bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.6.7 to 1.7.8#1136
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream-1.7.8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 14, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.6.7 to 1.7.8.

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 14, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream-1.7.8 branch 3 times, most recently from 4fbe5c9 to 358a8ac Compare May 15, 2026 00:05
Bumps [github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream](https://github.com/aws/aws-sdk-go-v2) from 1.6.7 to 1.7.8.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/rum/v1.6.7...service/m2/v1.7.8)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream
  dependency-version: 1.7.8
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream-1.7.8 branch from 358a8ac to 0995e98 Compare May 15, 2026 00:14
@kusari-inspector

kusari-inspector Bot commented May 15, 2026

Copy link
Copy Markdown

Kusari Inspector

Kusari Analysis Results:

Proceed with these changes

✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.

Both dependency and code security analyses independently recommend merging this PR. The dependency update remediates a known Medium severity DoS vulnerability (GHSA-xmrv-pmrh-hhx2) in github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream by upgrading from v1.6.7 to v1.7.8, which carries no active advisories. The accompanying smithy-go update (v1.22.1 to v1.24.2) introduces no new vulnerabilities. Both packages are well-maintained, carry permissive licenses (Apache-2.0, BSD-3-Clause), and are not deprecated. The code analysis returned zero findings across all categories — no code issues, no exposed secrets, and no workflow concerns. The scanned go.mod and go.sum files are clean. Merging this PR strictly improves the security posture of the repository with no new risk introduced.

Note

View full detailed analysis result for more information on the output and the checks that were run.


@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: 0995e98, performed at: 2026-05-15T00:59:23Z

Found this helpful? Give it a 👍 or 👎 reaction!

@kusari-inspector

Copy link
Copy Markdown

Kusari PR Analysis rerun based on - 0995e98 performed at: 2026-05-15T00:32:56Z - link to updated analysis

@dependabot @github

dependabot Bot commented on behalf of github May 15, 2026

Copy link
Copy Markdown
Contributor Author

Looks like github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this May 15, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream-1.7.8 branch May 15, 2026 00:36
@kusari-inspector

Copy link
Copy Markdown

Kusari PR Analysis rerun based on - 0995e98 performed at: 2026-05-15T00:59:42Z - link to updated analysis

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants