Skip to content

Commit 60d1d2b

Browse files
vdemeesterclaude
vdemeester
and
claude
committed
build(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3
- Fix CVE-2026-33186 (critical authorization bypass via missing leading slash) - Bump go-jose/v4 to v4.1.4 and otel to v1.43.0 for additional CVE fixes Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
1 parent 86a4076 commit 60d1d2b

34 files changed

Lines changed: 260 additions & 631 deletions

File tree

go.mod

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ require (
4747
github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.5
4848
github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.5
4949
go.opentelemetry.io/otel v1.43.0
50-
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0
50+
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.42.0
5151
go.opentelemetry.io/otel/sdk v1.43.0
5252
go.opentelemetry.io/otel/trace v1.43.0
5353
k8s.io/utils v0.0.0-20241210054802-24370beab758
@@ -224,7 +224,7 @@ require (
224224
golang.org/x/tools v0.44.0 // indirect
225225
google.golang.org/api v0.233.0 // indirect
226226
google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect
227-
google.golang.org/grpc v1.80.0
227+
google.golang.org/grpc v1.79.3
228228
google.golang.org/protobuf v1.36.11
229229
gopkg.in/inf.v0 v0.9.1 // indirect
230230
gopkg.in/yaml.v2 v2.4.0 // indirect

go.sum

Lines changed: 6 additions & 6 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go

Lines changed: 3 additions & 18 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/doc.go

Lines changed: 0 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/internal/version.go

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/google.golang.org/grpc/attributes/attributes.go

Lines changed: 22 additions & 55 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/google.golang.org/grpc/balancer/balancer.go

Lines changed: 15 additions & 17 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/google.golang.org/grpc/balancer/base/balancer.go

Lines changed: 4 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/google.golang.org/grpc/balancer/endpointsharding/endpointsharding.go

Lines changed: 6 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)