Skip to content

Commit 30e7611

Browse files
divyansh42claudecursoragent
authored andcommitted
fix(cve): CVE-2026-34986 - go-jose/go-jose/v4
- Update github.com/go-jose/go-jose/v4 from v4.1.3 to v4.1.4 - Addresses denial of service vulnerability via crafted JWE object - go mod tidy && go mod verify passed - go mod vendor synced Resolves: SRVKP-11504 Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent ac99b92 commit 30e7611

6 files changed

Lines changed: 40 additions & 14 deletions

File tree

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -155,7 +155,7 @@ require (
155155
github.com/gdamore/tcell/v2 v2.9.0 // indirect
156156
github.com/go-chi/chi/v5 v5.2.3 // indirect
157157
github.com/go-errors/errors v1.4.2 // indirect
158-
github.com/go-jose/go-jose/v4 v4.1.3 // indirect
158+
github.com/go-jose/go-jose/v4 v4.1.4 // indirect
159159
github.com/go-kit/log v0.2.1 // indirect
160160
github.com/go-logfmt/logfmt v0.6.0 // indirect
161161
github.com/go-logr/logr v1.4.3 // indirect

go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -479,8 +479,8 @@ github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7
479479
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
480480
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
481481
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
482-
github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
483-
github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
482+
github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA=
483+
github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
484484
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
485485
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
486486
github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=

vendor/github.com/go-jose/go-jose/v4/asymmetric.go

Lines changed: 9 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go

Lines changed: 9 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/github.com/go-jose/go-jose/v4/symmetric.go

Lines changed: 18 additions & 8 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/modules.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -667,7 +667,7 @@ github.com/go-chi/chi/v5/middleware
667667
# github.com/go-errors/errors v1.4.2
668668
## explicit; go 1.14
669669
github.com/go-errors/errors
670-
# github.com/go-jose/go-jose/v4 v4.1.3
670+
# github.com/go-jose/go-jose/v4 v4.1.4
671671
## explicit; go 1.24.0
672672
github.com/go-jose/go-jose/v4
673673
github.com/go-jose/go-jose/v4/cipher

0 commit comments

Comments
 (0)