Commit fef3f98
fix(deps): OADP-7565,OADP-7570,OADP-7573: bump Go toolchain to 1.25.8 and update dependencies
Update Go toolchain to 1.25.8 to address multiple CVEs:
- GO-2026-4337, GO-2026-4340 (crypto/tls)
- GO-2026-4341 (net/url)
- GO-2026-4342 (archive/zip)
- CVE-2026-25679 (net/url IPv6 host parsing)
- CVE-2026-27137 (crypto/x509 email constraints)
Update golang.org/x/* dependencies:
- x/crypto v0.49.0 (fixes GHSA-j5w8-q4qc-rx2x, GHSA-f6x5-jh6r-wrfv)
- x/net v0.52.0 (fixes GHSA-vvgc-356p-c3xw)
- x/sys v0.42.0, x/text v0.35.0, x/term v0.41.0, x/sync v0.20.0
Update go.opentelemetry.io/otel/sdk v1.34.0 → v1.42.0
(fixes GHSA-9h8m-3fm2-qjrq: arbitrary code execution via PATH hijacking)
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>1 parent 20bfabb commit fef3f98
5 files changed
Lines changed: 2354 additions & 2530 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
31 | 31 | | |
32 | 32 | | |
33 | 33 | | |
34 | | - | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
35 | 37 | | |
36 | 38 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
272 | 272 | | |
273 | 273 | | |
274 | 274 | | |
275 | | - | |
276 | 275 | | |
277 | 276 | | |
278 | | - | |
| 277 | + | |
279 | 278 | | |
280 | 279 | | |
281 | 280 | | |
| |||
0 commit comments