Skip to content

chore/security: update deps for CVEs reported by trivy#1319

Merged
burmudar merged 1 commit intomainfrom
wb/trivy
May 8, 2026
Merged

chore/security: update deps for CVEs reported by trivy#1319
burmudar merged 1 commit intomainfrom
wb/trivy

Conversation

@burmudar
Copy link
Copy Markdown
Contributor

@burmudar burmudar commented May 8, 2026

Ran trivy:

  • upgrade otel
  • upgrade pgx
  • upgrade tar used by npm-distribution

Test plan

2026-05-08T13:26:57.709+0200    INFO    Vulnerability scanning is enabled
2026-05-08T13:26:57.709+0200    INFO    Secret scanning is enabled
2026-05-08T13:26:57.709+0200    INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2026-05-08T13:26:57.709+0200    INFO    Please see also https://aquasecurity.github.io/trivy/v0.47/docs/scanner/secret/#recommendation for faster secret detection
2026-05-08T13:26:58.119+0200    WARN    Unable to collect additional info: dependency graph error: /Users/william/go/pkg/mod/k8s.io/apimachinery@v0.33.2/go.mod parse error: go.mod parse error: go.mod:7: unknown directive: godebug
2026-05-08T13:26:58.130+0200    INFO    Number of language-specific files: 3
2026-05-08T13:26:58.130+0200    INFO    Detecting gomod vulnerabilities...
2026-05-08T13:26:58.132+0200    INFO    Detecting npm vulnerabilities...

@burmudar burmudar requested review from evict and keegancsmith May 8, 2026 11:29
@burmudar burmudar self-assigned this May 8, 2026
@burmudar burmudar enabled auto-merge (squash) May 8, 2026 11:53
keegancsmith
keegancsmith approved these changes May 8, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@keegancsmith keegancsmith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did you run go mod tidy?

@burmudar burmudar merged commit 720a397 into main May 8, 2026
7 of 8 checks passed
@burmudar burmudar deleted the wb/trivy branch May 8, 2026 12:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@keegancsmith keegancsmith keegancsmith approved these changes

@evict evict Awaiting requested review from evict

Assignees

@burmudar burmudar

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@burmudar @keegancsmith