Skip to content

chore: update vulnerable Go dependencies#33

Merged
adityathebe merged 1 commit into
mainfrom
fix-high-dependabot-alerts
Jul 3, 2026
Merged

chore: update vulnerable Go dependencies#33
adityathebe merged 1 commit into
mainfrom
fix-high-dependabot-alerts

Conversation

@adityathebe

Copy link
Copy Markdown
Member

Dependabot reported high-severity security alerts for transitive Go modules.

Update the vulnerable dependency versions for go-git/go-billy, go-git, OpenTelemetry, spdystream, and go-jose to patched releases so the alerts can be resolved.
The pgproto3 alert remains on v2.3.3 because no patched release is currently available.

Dependabot reported high-severity alerts for transitive Go modules.

Update go-git/go-billy, go-git, OpenTelemetry, spdystream, and go-jose to patched versions. The pgproto3 alert remains on v2.3.3 because no patched release is available.
@adityathebe adityathebe merged commit 1b40f27 into main Jul 3, 2026
5 checks passed
@adityathebe adityathebe deleted the fix-high-dependabot-alerts branch July 3, 2026 12:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant