Skip to content

VULN UPGRADE: minor upgrades — 11 packages (minor: 9 · patch: 2) #36

Open
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/go/1-1770983320
Open

VULN UPGRADE: minor upgrades — 11 packages (minor: 9 · patch: 2) #36
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/go/1-1770983320

Conversation

@campaigner-prod
Copy link

@campaigner-prod campaigner-prod bot commented Feb 13, 2026

Summary: High-severity security update — 11 packages upgraded (MINOR changes included)

Manifests changed:

  • . (go)

Updates

Package From To Type Vulnerabilities Fixed
github.com/sirupsen/logrus v1.9.0 v1.9.4 patch 3 HIGH
github.com/aws/aws-sdk-go-v2 v1.17.1 v1.41.1 minor -
github.com/aws/aws-sdk-go-v2/config v1.18.2 v1.32.7 minor -
github.com/aws/aws-sdk-go-v2/service/iam v1.18.23 v1.53.2 minor -
github.com/aws/smithy-go v1.13.4 v1.24.0 minor -
github.com/datadog/stratus-red-team/v2 v2.4.8 v2.25.0 minor -
github.com/google/uuid v1.3.1 v1.6.0 minor -
github.com/kevinburke/ssh_config v1.2.0 v1.4.0 minor -
github.com/spf13/cobra v1.7.0 v1.10.2 minor -
sigs.k8s.io/yaml v1.3.0 v1.6.0 minor -
github.com/stretchr/testify v1.8.1 v1.8.4 patch -

Packages marked with "-" are updated due to dependency constraints.

Security Details

🚨 Critical & High Severity (3 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
github.com/sirupsen/logrus GHSA-4f99-4q7p-p3gh HIGH Logrus is vulnerable to DoS when using Entry.Writer() v1.9.0 1.8.3
github.com/sirupsen/logrus CVE-2025-65637 HIGH - v1.9.0 -
github.com/sirupsen/logrus GO-2025-4188 HIGH Logrus is vulnerable to DoS when using Entry.writerScanner in github.com/sirupsen/logrus v1.9.0 1.8.3
⚠️ Dependencies that have Reached EOL (9)
Dependency Unsafe Version EOL Date New Version Path
github.com/aws/aws-sdk-go-v2 v1.17.1 Oct 24, 2025 v1.41.1 go.mod
github.com/aws/aws-sdk-go-v2/config v1.18.2 Nov 17, 2025 v1.32.7 go.mod
github.com/aws/aws-sdk-go-v2/service/iam v1.18.23 Oct 26, 2025 v1.53.2 go.mod
github.com/aws/smithy-go v1.13.4 Oct 24, 2025 v1.24.0 go.mod
github.com/datadog/stratus-red-team/v2 v2.4.8 Oct 10, 2025 v2.25.0 go.mod
github.com/kevinburke/ssh_config v1.2.0 - v1.4.0 go.mod
github.com/sirupsen/logrus v1.9.0 Jul 19, 2025 v1.9.4 go.mod
github.com/stretchr/testify v1.8.1 Oct 20, 2025 v1.8.4 go.mod
sigs.k8s.io/yaml v1.3.0 - v1.6.0 go.mod

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

@dd-prapprover
Copy link

dd-prapprover bot commented Feb 13, 2026
edited
Loading

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

🔗 Workflow Link

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-02-13T11:49:59Z
  • ⬜ CI tests passed
  • ⬜ Approved
  • ⬜ Merge Started
  • ⬜ Merged

➡️ Current phase: CI tests failed, please fix and re-trigger

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-fixes-eol adms-go adms-high-severity adms-minor-update adms-mode-all-updates campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants