[main] Update dependencies to fix CVEs #3796

Merged: prkalle merged 1 commit into cloudfoundry:main from prkalle:fix/hydrabroker-cves on Jun 16, 2026
@prkalle commented Jun 15, 2026

Description of the Change

Related PR on v8 branch: #3795

This PR updates dependencies to fix the CVEs in integration test assets.

NAME                 INSTALLED  FIXED-IN  TYPE       VULNERABILITY   SEVERITY
golang.org/x/crypto  v0.45.0    0.52.0    go-module  CVE-2026-39832  Critical
golang.org/x/crypto  v0.45.0    0.52.0    go-module  CVE-2026-46595  Critical
golang.org/x/crypto  v0.45.0    0.52.0    go-module  CVE-2026-39830  Critical
golang.org/x/crypto  v0.45.0    0.52.0    go-module  CVE-2026-39834  Critical
golang.org/x/net     v0.47.0    0.55.0    go-module  CVE-2026-39821  Critical
golang.org/x/crypto  v0.45.0    0.52.0    go-module  CVE-2026-46597  High
golang.org/x/crypto  v0.45.0    0.52.0    go-module  CVE-2026-39833  Critical
golang.org/x/net     v0.47.0    0.55.0    go-module  CVE-2026-25680  Medium
golang.org/x/crypto  v0.45.0    0.52.0    go-module  CVE-2026-42508  Critical
golang.org/x/crypto  v0.45.0    0.52.0    go-module  CVE-2026-39831  Critical
golang.org/x/crypto  v0.45.0    0.52.0    go-module  CVE-2026-39829  High
golang.org/x/crypto  v0.45.0    0.52.0    go-module  CVE-2026-46598  Medium
golang.org/x/crypto  v0.45.0    0.52.0    go-module  CVE-2026-39828  Medium
golang.org/x/net     v0.47.0    0.55.0    go-module  CVE-2026-42506  Medium
golang.org/x/net     v0.47.0    0.55.0    go-module  CVE-2026-25681  Medium
golang.org/x/net     v0.47.0    0.55.0    go-module  CVE-2026-27136  Medium
golang.org/x/net     v0.47.0    0.55.0    go-module  CVE-2026-42502  Medium
golang.org/x/net     v0.47.0    0.53.0    go-module  CVE-2026-33814  High
golang.org/x/crypto  v0.45.0    0.52.0    go-module  CVE-2026-39835  Medium
golang.org/x/crypto  v0.45.0    0.52.0    go-module  CVE-2026-39827  Medium
golang.org/x/sys     v0.38.0    0.44.0    go-module  CVE-2026-39824  Low

Why Is This PR Valuable?

It addressed the CVE fixes

Applicable Issues

How Urgent Is The Change?

Fairly urgent - fixes the CVEs

Other Relevant Parties

Who else is affected by the change?

@prkalle force-pushed the fix/hydrabroker-cves branch from b5acb46 to 26e5fc9 on June 15, 2026 19:26
@prkalle changed the title from "Fix CVEs in hydrabroker dependencies" to "[main] Update dependencies to fix CVEs" on Jun 15, 2026
@prkalle marked this pull request as ready for review on June 15, 2026 19:32
Updates vulnerable golang.org/x packages in integration/assets/hydrabroker/go.mod
to match the secure versions from the main go.mod:

- golang.org/x/crypto: v0.45.0 → v0.52.0
- golang.org/x/net: v0.47.0 → v0.55.0
- golang.org/x/sys: v0.38.0 → v0.45.0
- golang.org/x/text: v0.31.0 → v0.37.0

Signed-off-by: Prem Kumar Kalle <prem.kalle@broadcom.com>
@prkalle force-pushed the fix/hydrabroker-cves branch from 26e5fc9 to acfcbf7 on June 15, 2026 20:54

@anujc25 left a comment

LGTM.

@prkalle merged commit 4bcd492 into cloudfoundry:main on Jun 16, 2026
15 of 16 checks passed
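
The commit above brings a nested go.mod (integration/assets/hydrabroker) up to the versions already pinned in the main go.mod. A check that reports this kind of drift, as an added example that is not code from this PR or the cloudfoundry project: the function names and the sample go.mod bodies are constructed, and versions are assumed to be plain vMAJOR.MINOR.PATCH (pseudo-versions and pre-releases are not handled).

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// parseRequires maps module path -> version for every require entry in a go.mod.
func parseRequires(gomod string) map[string]string {
	reqs, inBlock := map[string]string{}, false
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.Split(line, "//")[0]) // drop "// indirect" comments
		switch {
		case len(f) == 3 && f[0] == "require": // single-line form
			reqs[f[1]] = f[2]
		case len(f) > 0 && (f[0] == ")" || f[len(f)-1] == "("): // block boundary
			inBlock = len(f) == 2 && f[0] == "require" // only "require (" opens one
		case inBlock && len(f) == 2: // entry inside a require block
			reqs[f[0]] = f[1]
		}
	}
	return reqs
}

// older reports whether version a is lower than b, comparing fields numerically.
func older(a, b string) bool {
	var x, y [3]int
	fmt.Sscanf(a, "v%d.%d.%d", &x[0], &x[1], &x[2])
	fmt.Sscanf(b, "v%d.%d.%d", &y[0], &y[1], &y[2])
	return x[0] < y[0] || x[0] == y[0] && (x[1] < y[1] || x[1] == y[1] && x[2] < y[2])
}

// drift lists modules that the nested go.mod pins lower than the root go.mod.
func drift(root, nested string) []string {
	rootReqs, out := parseRequires(root), []string{}
	for mod, v := range parseRequires(nested) {
		if rv, ok := rootReqs[mod]; ok && older(v, rv) {
			out = append(out, fmt.Sprintf("%s %s < %s", mod, v, rv))
		}
	}
	sort.Strings(out)
	return out
}

func main() { // constructed go.mod bodies; versions are the ones in the commit message
	root := "require (\n\tgolang.org/x/crypto v0.52.0\n\tgolang.org/x/net v0.55.0\n)"
	fmt.Println(drift(root, "require golang.org/x/net v0.47.0 // indirect"))
}
```

Run against every nested go.mod in CI, a non-empty result flags test assets that still pin versions the root module has already moved past.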