Skip to content

🌱 Update Golang Dependencies group to v0.27.0 [SECURITY] #189

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
cluster-stack-bot wants to merge 2 commits into
base: main
Choose a base branch
from
Open

🌱 Update Golang Dependencies group to v0.27.0 [SECURITY] #189

cluster-stack-bot wants to merge 2 commits into from

Conversation

@cluster-stack-bot
Copy link
Contributor

@cluster-stack-bot cluster-stack-bot bot commented Jul 19, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
golang.org/x/oauth2 v0.24.0 -> v0.27.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2025-22868

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

@cluster-stack-bot
🌱 Update Golang Dependencies group to v0.27.0 [SECURITY]
81f04c1 
| datasource | package             | from    | to      |
| ---------- | ------------------- | ------- | ------- |
| go         | golang.org/x/oauth2 | v0.24.0 | v0.27.0 |
@cluster-stack-bot
Copy link
Contributor Author

cluster-stack-bot bot commented Jul 19, 2025

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.22.0 -> 1.23.0
go (toolchain) 1.22.9 -> 1.23.11

@cluster-stack-bot cluster-stack-bot bot added the size/S Denotes a PR that changes 20-50 lines, ignoring generated files. label Jul 19, 2025
@cluster-stack-bot
Copy link
Contributor Author

cluster-stack-bot bot commented Dec 19, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size/S Denotes a PR that changes 20-50 lines, ignoring generated files. type/minor update/go

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@garloff