[v8]Update dependencies to fix CVEs #3795

Merged: prkalle merged 1 commit into cloudfoundry:v8 from prkalle:fix/v8-cves on Jun 16, 2026
@prkalle prkalle commented Jun 15, 2026

Contributor

Description of the Change

This PR updates dependencies to fix the CVEs in integration test assets

NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
golang.org/x/crypto v0.45.0 0.52.0 go-module CVE-2026-39832 Critical
golang.org/x/crypto v0.45.0 0.52.0 go-module CVE-2026-46595 Critical
golang.org/x/crypto v0.45.0 0.52.0 go-module CVE-2026-39830 Critical
golang.org/x/crypto v0.45.0 0.52.0 go-module CVE-2026-39834 Critical
golang.org/x/net v0.47.0 0.55.0 go-module CVE-2026-39821 Critical
golang.org/x/crypto v0.45.0 0.52.0 go-module CVE-2026-46597 High
golang.org/x/crypto v0.45.0 0.52.0 go-module CVE-2026-39833 Critical
golang.org/x/net v0.47.0 0.55.0 go-module CVE-2026-25680 Medium
golang.org/x/crypto v0.45.0 0.52.0 go-module CVE-2026-42508 Critical
golang.org/x/crypto v0.45.0 0.52.0 go-module CVE-2026-39831 Critical
golang.org/x/crypto v0.45.0 0.52.0 go-module CVE-2026-39829 High
golang.org/x/crypto v0.45.0 0.52.0 go-module CVE-2026-46598 Medium
golang.org/x/crypto v0.45.0 0.52.0 go-module CVE-2026-39828 Medium
golang.org/x/net v0.47.0 0.55.0 go-module CVE-2026-42506 Medium
golang.org/x/net v0.47.0 0.55.0 go-module CVE-2026-25681 Medium
golang.org/x/net v0.47.0 0.55.0 go-module CVE-2026-27136 Medium
golang.org/x/net v0.47.0 0.55.0 go-module CVE-2026-42502 Medium
golang.org/x/net v0.47.0 0.53.0 go-module CVE-2026-33814 High
golang.org/x/crypto v0.45.0 0.52.0 go-module CVE-2026-39835 Medium
golang.org/x/crypto v0.45.0 0.52.0 go-module CVE-2026-39827 Medium
golang.org/x/sys v0.38.0 0.44.0 go-module CVE-2026-39824 Low

Why Is This PR Valuable?

It addressed the CVE fixes

Applicable Issues

How Urgent Is The Change?

Fairly urgent - Fixes the CVEs

Other Relevant Parties

Who else is affected by the change?

@prkalle prkalle changed the title from "build: update bosh-utils to fix CVEs on v8 branch" to "Update bosh-utils to fix CVEs on v8 branch" Jun 15, 2026
@prkalle prkalle changed the title from "Update bosh-utils to fix CVEs on v8 branch" to "Update dependencies to fix CVEs in v8 branch" Jun 15, 2026
@prkalle prkalle changed the title from "Update dependencies to fix CVEs in v8 branch" to "[v8]Update dependencies to fix CVEs" Jun 15, 2026
Updates multiple dependency versions to address security vulnerabilities:

Main go.mod updates:
- Updates bosh-utils and other core dependencies
- Resolves CVEs in primary application dependencies

Hydrabroker go.mod updates:
- golang.org/x/crypto: v0.45.0 → v0.52.0
- golang.org/x/mod: v0.29.0 → v0.36.0
- golang.org/x/net: v0.47.0 → v0.55.0
- golang.org/x/sync: v0.18.0 → v0.20.0
- golang.org/x/sys: v0.38.0 → v0.45.0
- golang.org/x/text: v0.31.0 → v0.37.0
- golang.org/x/tools: v0.38.0 → v0.45.0

Signed-off-by: Prem Kumar Kalle <prem.kalle@broadcom.com>
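
A reviewer can confirm that the bumps listed in the commit message reach every FIXED-IN version the scanner reported. The Go program below is an added example, not code from this PR or its repository; `parse`, `reaches` and `Uncovered` are hypothetical names, the rows are a constructed subset of the scan table, and versions are assumed to be plain MAJOR.MINOR.PATCH.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed input: one row per distinct module and FIXED-IN value in the scan table.
const findings = `golang.org/x/crypto v0.45.0 0.52.0
golang.org/x/net v0.47.0 0.55.0
golang.org/x/net v0.47.0 0.53.0
golang.org/x/sys v0.38.0 0.44.0`
// Post-bump versions, copied from the commit message's Hydrabroker list.
var bumped = map[string]string{
	"golang.org/x/crypto": "v0.52.0", "golang.org/x/net": "v0.55.0", "golang.org/x/sys": "v0.45.0",
}

// parse reads "v0.52.0" or "0.52.0"; assumption: a pre-release suffix is ignored.
func parse(v string) (p [3]int, ok bool) {
	n, err := fmt.Sscanf(strings.TrimPrefix(v, "v"), "%d.%d.%d", &p[0], &p[1], &p[2])
	return p, err == nil && n == 3
}

// reaches reports have >= need, comparing components as numbers (0.9.0 < 0.52.0).
func reaches(have, need string) bool {
	h, okH := parse(have)
	n, okN := parse(need)
	if !okH || !okN {
		return false // fail closed: a missing or malformed version never passes
	}
	for i := range h {
		if h[i] != n[i] {
			return h[i] > n[i]
		}
	}
	return true
}

// Uncovered returns the rows still open after the bump, malformed rows included.
func Uncovered(table string, have map[string]string) (open []string) {
	for _, line := range strings.Split(strings.TrimSpace(table), "\n") {
		if f := strings.Fields(line); len(f) < 3 || !reaches(have[f[0]], f[2]) {
			open = append(open, line)
		}
	}
	return open
}

func main() { fmt.Println(Uncovered(findings, bumped)) }
```

An empty result means every listed fixed-in version is reached; any returned row names a module to revisit.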

@anujc25 anujc25 left a comment

Contributor

LGTM. Thanks

@prkalle prkalle merged commit 1729934 into cloudfoundry:v8 Jun 16, 2026
15 of 16 checks passed