Skip to content

Fix CVE-2026-34986#40

Open
oadp-rebasebot-app[bot] wants to merge 1 commit into
migtools:oadp-1.4from
oadp-rebasebot:cve-fix/oadp-1.4/20260713-1
Open

Fix CVE-2026-34986#40
oadp-rebasebot-app[bot] wants to merge 1 commit into
migtools:oadp-1.4from
oadp-rebasebot:cve-fix/oadp-1.4/20260713-1

Conversation

@oadp-rebasebot-app

Copy link
Copy Markdown

CVE Fixes

Automated scan found 1 fixable Go dependency CVE(s) in migtools/kopia on branch oadp-1.4.

CVE Severity Package Fixed Version Description
CVE-2026-34986 HIGH github.com/go-jose/go-jose/v4 4.1.4 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

How this was fixed

  • go get <package>@<fixed_version> for each vulnerable dependency
  • go mod tidy to clean up

Generated by cve-scan pipeline

- CVE-2026-34986: github.com/go-jose/go-jose/v4 v4.1.3 → 4.1.4
@oadp-snyk

oadp-snyk commented Jul 13, 2026

Copy link
Copy Markdown

⚠️ Snyk checks are incomplete.

Status Scan Engine Critical High Medium Low Total (0)
⚠️ Open Source Security 0 0 0 0 See details
⚠️ Licenses 0 0 0 0 See details

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@Joeavaikath Joeavaikath reopened this Jul 13, 2026

@weshayutin weshayutin left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/LGTM

@weshayutin weshayutin left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/LGTM

@openshift-ci

openshift-ci Bot commented Jul 15, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: oadp-rebasebot-app[bot], weshayutin

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants