Fix 15 CVEs (CVE-2026-25681, CVE-2026-27136, CVE-2026-33186, ...)#2294
Fix 15 CVEs (CVE-2026-25681, CVE-2026-27136, CVE-2026-33186, ...)#2294oadp-rebasebot-app[bot] wants to merge 1 commit into
Conversation
- CVE-2026-25681: golang.org/x/net v0.52.0 → 0.55.0 - CVE-2026-27136: golang.org/x/net v0.52.0 → 0.55.0 - CVE-2026-33186: google.golang.org/grpc v1.63.2 → 1.79.3 - CVE-2026-33814: golang.org/x/net v0.52.0 → 0.53.0 - CVE-2026-35469: github.com/moby/spdystream v0.2.0 → 0.5.1 - CVE-2026-39821: golang.org/x/net v0.52.0 → 0.55.0 - CVE-2026-39828: golang.org/x/crypto v0.49.0 → 0.52.0 - CVE-2026-39829: golang.org/x/crypto v0.49.0 → 0.52.0 - CVE-2026-39830: golang.org/x/crypto v0.49.0 → 0.52.0 - CVE-2026-39831: golang.org/x/crypto v0.49.0 → 0.52.0 - CVE-2026-39832: golang.org/x/crypto v0.49.0 → 0.52.0 - CVE-2026-39835: golang.org/x/crypto v0.49.0 → 0.52.0 - CVE-2026-42508: golang.org/x/crypto v0.49.0 → 0.52.0 - CVE-2026-46595: golang.org/x/crypto v0.49.0 → 0.52.0 - CVE-2026-46597: golang.org/x/crypto v0.49.0 → 0.52.0
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
Hi @oadp-rebasebot-app[bot]. Thanks for your PR. I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: oadp-rebasebot-app[bot] The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
Codecov Report✅ All modified and coverable lines are covered by tests. Please upload reports for the commit defffd9 to get more accurate results. Additional details and impacted files@@ Coverage Diff @@
## oadp-1.4 #2294 +/- ##
=========================================
Coverage 32.62% 32.62%
=========================================
Files 30 30
Lines 4861 4861
=========================================
Hits 1586 1586
Misses 3100 3100
Partials 175 175 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
CVE Fixes
Automated scan found 15 fixable Go dependency CVE(s) in
openshift/oadp-operatoron branchoadp-1.4.How this was fixed
go get <package>@<fixed_version>for each vulnerable dependencygo mod tidyto clean upGenerated by cve-scan pipeline