Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 #11544

Merged
merged 3 commits into from
Mar 17, 2025
Merged

Bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 #11544

merged 3 commits into from
Mar 17, 2025

Conversation

austinvazquez
Copy link
Member

This change bumps the github.com/go-jose/go-jose/v4 to 4.0.5.

@k8s-ci-robot
Copy link

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@austinvazquez austinvazquez marked this pull request as ready for review March 14, 2025 18:18
@dosubot dosubot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 14, 2025
@djdongjin
Copy link
Member

maybe mention this is to fix/silence https://pkg.go.dev/vuln/GO-2025-3485 :)

@akhilerm
Copy link
Member

maybe mention this is to fix/silence https://pkg.go.dev/vuln/GO-2025-3485 :)

Is the CVE impacting us? Running the govulncheck tool did not report the above vulnerability on the main branch.

@AkihiroSuda
Copy link
Member

maybe mention this is to fix/silence https://pkg.go.dev/vuln/GO-2025-3485 :)

Is the CVE impacting us? Running the govulncheck tool did not report the above vulnerability on the main branch.

govulncheck says "your code doesn't appear to call these vulnerabilities."

@AkihiroSuda AkihiroSuda added this pull request to the merge queue Mar 17, 2025
@AkihiroSuda AkihiroSuda added cherry-pick/1.6.x Change to be cherry picked to release/1.6 branch cherry-pick/1.7.x Change to be cherry picked to release/1.7 branch cherry-pick/2.0.x Change to be cherry picked to release/2.0 branch labels Mar 17, 2025
Merged via the queue into containerd:main with commit 357da8d Mar 17, 2025
58 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

@djdongjin djdongjin djdongjin approved these changes

Assignees
No one assigned
Labels
cherry-pick/1.6.x Change to be cherry picked to release/1.6 branch cherry-pick/1.7.x Change to be cherry picked to release/1.7 branch cherry-pick/2.0.x Change to be cherry picked to release/2.0 branch dependencies Pull requests that update a dependency file go Pull requests that update Go code size/M
Projects
Pull Request Review
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@austinvazquez @k8s-ci-robot @djdongjin @akhilerm @AkihiroSuda