Skip to content

[release-1.33] Bump Go Jose v3.0.5, CVE-2025-34986#6818

Open
TomSweeneyRedHat wants to merge 3 commits intocontainers:release-1.33from
TomSweeneyRedHat:dev/tsweeney/release-1.33-cve-2025-34986
Open

[release-1.33] Bump Go Jose v3.0.5, CVE-2025-34986#6818
TomSweeneyRedHat wants to merge 3 commits intocontainers:release-1.33from
TomSweeneyRedHat:dev/tsweeney/release-1.33-cve-2025-34986

Conversation

@TomSweeneyRedHat
Copy link
Copy Markdown
Member

@TomSweeneyRedHat TomSweeneyRedHat commented Apr 29, 2026

Bump Go Jose to v3.0.5 to address CVE-2025-34986

Then bump Buildah to v1.33.15

Fixes: https://redhat.atlassian.net/browse/RHEL-164983, https://redhat.atlassian.net/browse/RHEL-164974

What type of PR is this?

/kind api-change
/kind bug
/kind cleanup
/kind deprecation
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake
/kind other

What this PR does / why we need it:

How to verify it

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?

None

@TomSweeneyRedHat TomSweeneyRedHat added the No New Tests Allow PR to proceed without adding regression tests label Apr 29, 2026
@dosubot dosubot Bot added the size:S This PR changes 10-29 lines, ignoring generated files. label Apr 29, 2026
@nalind nalind force-pushed the dev/tsweeney/release-1.33-cve-2025-34986 branch from c056deb to 76783f3 Compare April 29, 2026 15:20
@TomSweeneyRedHat @nalind
[release-1.33] Bump Go Jose v3.0.5, CVE-2026-34986
06456df 
Bump Go Jose to v3.0.5 to address CVE-2026-34986

Fixes: https://redhat.atlassian.net/browse/RHEL-164983, https://redhat.atlassian.net/browse/RHEL-164974

[NO NEW TESTS NEEDED]

Signed-off-by: Tom Sweeney <tsweeney@redhat.com>
@nalind nalind force-pushed the dev/tsweeney/release-1.33-cve-2025-34986 branch from 76783f3 to 59214cc Compare April 29, 2026 15:21
@nalind
Copy link
Copy Markdown
Member

nalind commented Apr 29, 2026

(Added a [NO NEW TESTS NEEDED] to the commit log message for the bump-go-jose commit.)

nalind and others added 2 commits April 29, 2026 13:03
@nalind
Use a precached image for the test of --unsetlabel
98e3746 
The brand new version of the base image used in the test for
"config --unsetlabel" no longer includes the label that the test assumed
it always would.  Switch to using a known image.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
@TomSweeneyRedHat @nalind
[release-1.33] Bump to Buildah v1.33.15
87f11dd 
Bump Buildah to v1.33.15

Signed-off-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
@nalind nalind force-pushed the dev/tsweeney/release-1.33-cve-2025-34986 branch from 59214cc to 87f11dd Compare April 29, 2026 17:04
@nalind
Copy link
Copy Markdown
Member

nalind commented Apr 29, 2026

Pulled in a part of #6634 to fix a new integration test error.

@TomSweeneyRedHat
Copy link
Copy Markdown
Member Author

TomSweeneyRedHat commented Apr 29, 2026

Thanks for the tweaks @nalind! All happy green test buttons, and your changes
LGTM
Good to merge?

@nalind
Copy link
Copy Markdown
Member

nalind commented Apr 29, 2026

They look right to me, but having made some of the changes in here, I'm probably not the right person to merge them any more. @containers/buildah-maintainers PTAL

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

No New Tests Allow PR to proceed without adding regression tests size:S This PR changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TomSweeneyRedHat @nalind