fix(cve): Fix critical and important CVE #2904

Merged: tekton-robot merged 1 commit into tektoncd:release-v0.44.1 from pratap0007:fix-cves on Jun 12, 2026
@pratap0007 (Contributor) commented Jun 11, 2026

This patch updates the vulnerable Go dependencies to fix the following CVEs:

GHSA-78h2-9frx-2jm8, GHSA-mh2q-q3fh-2475, GHSA-hfvc-g4fc-pqhx
GHSA-w2q5-6q6x-x959, GHSA-m9x8-m34x-fj9q, GHSA-w9p8-pvxh-rxpj
GHSA-wrh2-89vg-4j9g, CVE-2026-46595, CVE-2026-42508
GHSA-4279-q6mj-392r, GHSA-h524-452v-82p9, GHSA-h3gm-q7m7-mp28

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes tests (if functionality changed/added)
  • Run the code checkers with make check
  • Regenerate the manpages, docs and go formatting with make generated
  • Commit messages follow commit message best practices

See the contribution guide
for more details.

Release Notes

tekton-robot added the release-note label (Denotes a PR that will be considered when it comes time to generate release notes.) Jun 11, 2026
tekton-robot added the size/XXL label (Denotes a PR that changes 1000+ lines, ignoring generated files.) Jun 11, 2026

Commit message:

This patch updates the vulnerable Go dependencies to fix the following CVEs:

CVE-2026-34986, CVE-2026-29181, CVE-2026-39883
CVE-2026-39821, CVE-2026-27136, CVE-2026-25681
CVE-2026-42502, CVE-2026-46595, CVE-2026-42508
CVE-2026-27145, CVE-2026-42504, CVE-2026-42507

Signed-off-by: Shiv Verma <shverma@redhat.com>

pratap0007 changed the title from "update golang.org/x/crypt and golang.org/x/net to fix CVE-2026-42508 and CVE-2026-39821" to "fix(cve): Fix critical and important CVE" Jun 11, 2026

@divyansh42 (Member) left a comment

/lgtm

tekton-robot added the lgtm label (Indicates that a PR is ready to be merged.) Jun 12, 2026

@tekton-robot (Contributor)

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pramodbindal, vdemeester

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

tekton-robot added the approved label (Indicates a PR has been approved by an approver from all required OWNERS files.) Jun 12, 2026
tekton-robot merged commit 00740d6 into tektoncd:release-v0.44.1 Jun 12, 2026
10 checks passed

5 participants