fix(deps): Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] by renovate[bot] · Pull Request #301 · terraform-google-modules/terraform-google-scheduled-function

renovate · 2025-07-18T17:35:27Z

This PR contains the following updates:

Package	Change	Age	Confidence
golang.org/x/oauth2	`v0.26.0` → `v0.27.0`

golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability

CVE-2025-22868 / GHSA-6v2p-p543-phr9

More information

Details

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Severity

CVSS Score: 7.5 / 10 (High)
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Configuration

📅 Schedule: (UTC)

Branch creation
- ""
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2025-07-18T17:35:29Z

ℹ Artifact update notice

File name: modules/project_cleanup/function_source/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

The go directive was updated for compatibility reasons

Details:

Package	Change
`go`	`1.22.7` -> `1.23.0`
`go (toolchain)`	`1.23.6` -> `1.24.11`

dpebot · 2025-07-18T17:35:41Z

/gcbrun

dpebot · 2025-08-10T14:43:38Z

/gcbrun

dpebot · 2025-08-22T17:24:56Z

/gcbrun

dpebot · 2025-08-22T18:06:56Z

/gcbrun

dpebot · 2025-09-11T01:44:16Z

/gcbrun

dpebot · 2025-09-11T04:33:56Z

/gcbrun

dpebot · 2025-09-11T10:51:35Z

/gcbrun

dpebot · 2025-09-11T13:33:29Z

/gcbrun

dpebot · 2025-09-11T20:59:24Z

/gcbrun

dpebot · 2025-09-11T21:21:20Z

/gcbrun

dpebot · 2025-09-11T22:03:31Z

/gcbrun

dpebot · 2025-09-11T22:22:29Z

/gcbrun

dpebot · 2025-09-12T04:32:21Z

/gcbrun

dpebot · 2025-09-15T17:01:48Z

/gcbrun

dpebot · 2025-12-24T08:56:46Z

/gcbrun

dpebot · 2025-12-24T08:56:48Z

/gcbrun

dpebot · 2026-02-02T15:08:26Z

/gcbrun

dpebot · 2026-02-12T10:06:49Z

/gcbrun

dpebot · 2026-02-24T09:16:07Z

/gcbrun

dpebot · 2026-03-30T21:23:47Z

/gcbrun

dpebot · 2026-03-30T21:23:48Z

/gcbrun

dpebot · 2026-04-27T23:33:11Z

/gcbrun

dpebot · 2026-04-27T23:33:14Z

/gcbrun

renovate Bot requested a review from a team as a code owner July 18, 2025 17:35

renovate Bot added the type:security label Jul 18, 2025

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from 8662fdd to 0cd0cd1 Compare August 10, 2025 14:43

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from 0cd0cd1 to 05ef404 Compare August 22, 2025 17:24

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from 05ef404 to c08287c Compare August 22, 2025 17:37

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from c08287c to 2f071d8 Compare September 11, 2025 01:44

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from 2f071d8 to 6bcce78 Compare September 11, 2025 04:33

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from 6bcce78 to 08fca92 Compare September 11, 2025 10:51

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from 08fca92 to fc9829e Compare September 11, 2025 13:33

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from fc9829e to e756272 Compare September 11, 2025 20:59

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from e756272 to b9049f9 Compare September 11, 2025 21:21

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from b9049f9 to 5fbec53 Compare September 11, 2025 22:03

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from 5fbec53 to a14c31f Compare September 11, 2025 22:22

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from a14c31f to cf44b33 Compare September 12, 2025 04:32

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from cf44b33 to 71974f8 Compare September 15, 2025 17:01

renovate Bot deleted the renovate/go-golang.org-x-oauth2-vulnerability branch December 24, 2025 05:59

renovate Bot changed the title ~~fix(deps): Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] - autoclosed~~ fix(deps): Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] Dec 24, 2025

renovate Bot reopened this Dec 24, 2025

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch 2 times, most recently from 448cd9b to 338a12b Compare December 24, 2025 08:56

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from 338a12b to c6a1b51 Compare February 2, 2026 15:08

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from c6a1b51 to 245ad9d Compare February 12, 2026 10:06

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch from 245ad9d to 7879ff5 Compare February 24, 2026 09:15

renovate Bot changed the title ~~fix(deps): Update module golang.org/x/oauth2 to v0.27.0 [SECURITY]~~ fix(deps): Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] - autoclosed Mar 27, 2026

renovate Bot closed this Mar 27, 2026

renovate Bot changed the title ~~fix(deps): Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] - autoclosed~~ fix(deps): Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] Mar 30, 2026

renovate Bot reopened this Mar 30, 2026

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch 2 times, most recently from 7879ff5 to e9f89fc Compare March 30, 2026 21:23

renovate Bot changed the title ~~fix(deps): Update module golang.org/x/oauth2 to v0.27.0 [SECURITY]~~ fix(deps): Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] - autoclosed Apr 27, 2026

renovate Bot closed this Apr 27, 2026

fix(deps): Update module golang.org/x/oauth2 to v0.27.0 [SECURITY]

22eaeeb

renovate Bot changed the title ~~fix(deps): Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] - autoclosed~~ fix(deps): Update module golang.org/x/oauth2 to v0.27.0 [SECURITY] Apr 27, 2026

renovate Bot reopened this Apr 27, 2026

renovate Bot force-pushed the renovate/go-golang.org-x-oauth2-vulnerability branch 2 times, most recently from e9f89fc to 22eaeeb Compare April 27, 2026 23:33

Conversation

renovate Bot commented Jul 18, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability

Details

Severity

References

Configuration

Uh oh!

renovate Bot commented Jul 18, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

ℹ Artifact update notice

File name: modules/project_cleanup/function_source/go.mod

Uh oh!

dpebot commented Jul 18, 2025

Uh oh!

dpebot commented Aug 10, 2025

Uh oh!

dpebot commented Aug 22, 2025

Uh oh!

dpebot commented Aug 22, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 12, 2025

Uh oh!

dpebot commented Sep 15, 2025

Uh oh!

dpebot commented Dec 24, 2025

Uh oh!

dpebot commented Dec 24, 2025

Uh oh!

dpebot commented Feb 2, 2026

Uh oh!

dpebot commented Feb 12, 2026

Uh oh!

dpebot commented Feb 24, 2026

Uh oh!

dpebot commented Mar 30, 2026

Uh oh!

dpebot commented Mar 30, 2026

Uh oh!

dpebot commented Apr 27, 2026

Uh oh!

dpebot commented Apr 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

renovate Bot commented Jul 18, 2025 •

edited

Loading

renovate Bot commented Jul 18, 2025 •

edited

Loading