fix(deps): vuln minor: github.com/gin-gonic/gin, golang.org/x/text, google.golang.org/protobuf #34

Open
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into main from engraver-auto-version-upgrade/minorpatch/go/0-1781535362

Conversation

@gh-worker-campaigns-3e9aa4


Summary: High-severity security update — 3 packages upgraded (MINOR changes included)

Manifests changed:

  • . (go)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

| Package | From | To | Type | Dep Type | Vulnerabilities Fixed |
|---|---|---|---|---|---|
| golang.org/x/text | v0.3.7 | v0.38.0 | minor | Transitive | 3 HIGH |
| github.com/gin-gonic/gin | v1.7.7 | v1.12.0 | minor | Direct | 5 MEDIUM |
| google.golang.org/protobuf | v1.27.1 | v1.36.11 | minor | Transitive | 2 MEDIUM |

Security Details

🚨 Critical & High Severity (3 fixed)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| golang.org/x/text | GO-2022-1059 | high | Denial of service via crafted Accept-Language header in golang.org/x/text/language | v0.3.7 | 0.3.8 |
| golang.org/x/text | CVE-2022-32149 | high | - | v0.3.7 | - |
| golang.org/x/text | GHSA-69ch-w2m2-3vjp | HIGH | golang.org/x/text/language Denial of service via crafted Accept-Language header | v0.3.7 | 0.3.8 |
ℹ️ Other Vulnerabilities (7)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| github.com/gin-gonic/gin | GO-2023-1737 | medium | Improper handling of filenames in Content-Disposition HTTP header in github.com/gin-gonic/gin | v1.7.7 | 1.9.1 |
| github.com/gin-gonic/gin | CVE-2023-29401 | medium | - | v1.7.7 | - |
| github.com/gin-gonic/gin | GHSA-2c4m-59x9-fr2g | MODERATE | Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function | v1.7.7 | 1.9.1 |
| github.com/gin-gonic/gin | GHSA-3vp4-m3rf-835h | MODERATE | Improper input validation in github.com/gin-gonic/gin | v1.7.7 | 1.9.0 |
| github.com/gin-gonic/gin | CVE-2023-26125 | MODERATE | - | v1.7.7 | - |
| google.golang.org/protobuf | GHSA-8r3f-844c-mc37 | MODERATE | Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON | v1.27.1 | 1.33.0 |
| google.golang.org/protobuf | GO-2024-2611 | MODERATE | Infinite loop in JSON unmarshaling in google.golang.org/protobuf | v1.27.1 | 1.33.0 |
⚠️ Dependencies that have Reached EOL (3)

| Dependency | Unsafe Version | EOL Date | New Version | Path |
|---|---|---|---|---|
| github.com/gin-gonic/gin | v1.7.7 | - | v1.12.0 | go.mod |
| golang.org/x/text | v0.3.7 | - | v0.38.0 | go.mod |
| google.golang.org/protobuf | v1.27.1 | - | v1.36.11 | go.mod |

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System
