Skip to content

fix(deps): vuln minor upgrades — 6 packages (minor: 1 · patch: 5) #116

Open
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/go/0-1775070121
Open

fix(deps): vuln minor upgrades — 6 packages (minor: 1 · patch: 5) #116
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/go/0-1775070121

Conversation

@gh-worker-campaigns-3e9aa4
Copy link
Copy Markdown

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 bot commented Apr 1, 2026

Summary: High-severity security update — 6 packages upgraded (MINOR changes included)

Manifests changed:

  • . (go)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Vulnerabilities Fixed
github.com/containerd/containerd v1.7.20 v1.7.30 patch 3 HIGH, 4 MODERATE, 2 MEDIUM
github.com/stretchr/testify v1.9.0 v1.11.1 minor -
github.com/opencontainers/image-spec v1.1.0 v1.1.1 patch -
github.com/sirupsen/logrus v1.9.3 v1.9.4 patch -
github.com/urfave/cli/v2 v2.27.2 v2.27.7 patch -
oras.land/oras-go v1.2.6 v1.2.7 patch -

Packages marked with "-" are updated due to dependency constraints.

Security Details

🚨 Critical & High Severity (3 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
github.com/containerd/containerd GO-2025-4100 high containerd affected by a local privilege escalation via wide permissions on CRI directory in github.com/containerd/containerd v1.7.20 1.7.29
github.com/containerd/containerd CVE-2024-25621 high containerd affected by a local privilege escalation via wide permissions on CRI directory v1.7.20 -
github.com/containerd/containerd GHSA-pwhc-rpq9-4c8w HIGH containerd affected by a local privilege escalation via wide permissions on CRI directory v1.7.20 1.7.29
ℹ️ Other Vulnerabilities (6)
Package CVE Severity Summary Unsafe Version Fixed In
github.com/containerd/containerd GO-2025-4108 medium containerd CRI server: Host memory exhaustion through Attach goroutine leak in github.com/containerd/containerd v1.7.20 1.7.29
github.com/containerd/containerd CVE-2025-64329 medium containerd CRI server: Host memory exhaustion through Attach goroutine leak v1.7.20 -
github.com/containerd/containerd GHSA-265r-hfxg-fhmg MODERATE containerd has an integer overflow in User ID handling v1.7.20 1.7.27
github.com/containerd/containerd GO-2025-3528 MODERATE containerd has an integer overflow in User ID handling in github.com/containerd/containerd v1.7.20 1.6.38
github.com/containerd/containerd CVE-2024-40635 MODERATE containerd has an integer overflow in User ID handling v1.7.20 -
github.com/containerd/containerd GHSA-m6hq-p25p-ffr2 MODERATE containerd CRI server: Host memory exhaustion through Attach goroutine leak v1.7.20 1.7.29

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod bot marked this pull request as ready for review April 2, 2026 13:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-go adms-high-severity adms-medium-severity adms-minor-update adms-mode-all-updates campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants