DFBUGS-6273: [release-4.18] switch to openshift-sustaining/go-jose v4.0.5-cve-2026-34986 for CVE-2026-34986#3982
Conversation
|
@malayparida2000: This pull request references [Jira Issue DFBUGS-6273](https://redhat.atlassian.net/browse/DFBUGS-6273), which is invalid:
Comment DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: malayparida2000 The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
Replace github.com/go-jose/go-jose/v4 with github.com/openshift-sustaining/go-jose/v4@v4.0.5-cve-2026-34986. This backports the security fix without bumping the Go toolchain version. Signed-off-by: Malay Kumar Parida <mparida@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
2caee0e to
a6c3fc6
Compare
|
@malayparida2000: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
This PR also fixes https://redhat.atlassian.net/browse/DFBUGS-6272 |
Upgrading github.com/go-jose/go-jose/v4 to a patched upstream release
would require a Go version bump on this branch. This PR uses the
OpenShift sustaining fork to backport the security fix while
maintaining compatibility with the existing Go toolchain.
Ref-
https://redhat.atlassian.net/browse/DFBUGS-6273
Made with Cursor