Skip to content

fix: [CI-21700] Fix EOL components and security vulnerabilities in pl…#74

Open
abhay084 wants to merge 1 commit into
mainfrom
CI-21700-1
Open

fix: [CI-21700] Fix EOL components and security vulnerabilities in pl…#74
abhay084 wants to merge 1 commit into
mainfrom
CI-21700-1

Conversation

@abhay084

@abhay084 abhay084 commented Apr 1, 2026

Copy link
Copy Markdown
Collaborator

…ugins/buildx-gar

Changes

Go Version

  • Updated go directive from 1.24.11 (EOL) to 1.25.0
  • Updated toolchain from go1.25.5 to go1.26.0

Direct Dependencies

  • golang.org/x/oauth2: v0.13.0 -> v0.36.0
  • google.golang.org/api: v0.151.0 -> v0.273.0

Indirect Dependencies

  • golang.org/x/crypto: v0.14.0 -> v0.49.0 (fixes GHSA-cxfp-7pvr-95ff, GHSA-m6hq-p25p-ffr2)
  • golang.org/x/net: v0.17.0 -> v0.52.0 (fixes GHSA-pwhc-rpq9-4c8w, GO-2025-4100)
  • golang.org/x/sys: v0.30.0 -> v0.42.0
  • golang.org/x/text: v0.13.0 -> v0.35.0
  • google.golang.org/grpc: v1.59.0 -> v1.79.3 (fixes GO-2025-3701, GO-2025-4108)
  • google.golang.org/protobuf: v1.31.0 -> v1.36.11
  • cloud.google.com/go/compute/metadata: v0.3.0 -> v0.9.0
  • github.com/google/uuid: v1.4.0 -> v1.6.0
  • github.com/google/s2a-go: v0.1.7 -> v0.1.9
  • github.com/googleapis/gax-go/v2: v2.12.0 -> v2.19.0
  • github.com/googleapis/enterprise-certificate-proxy: v0.3.2 -> v0.3.14
  • github.com/golang/protobuf: v1.5.3 -> v1.5.4

Removed Deprecated Dependencies

  • google.golang.org/appengine (replaced by cloud.google.com/go/auth)
  • go.opencensus.io (replaced by OpenTelemetry)
  • github.com/golang/groupcache (no longer required)

Security Advisories Addressed

Jira: CI-21700

AI-Session-Id: 19c22c7e-e7b2-4ad7-b79c-ad4b6ca263fe
AI-Tool: claude-code
AI-Model: global.anthropic.claude-sonnet-4-6

@abhay084
fix: [CI-21700] Fix EOL components and security vulnerabilities in pl…
d763966 
…ugins/buildx-gar

## Changes

### Go Version
- Updated go directive from 1.24.11 (EOL) to 1.25.0
- Updated toolchain from go1.25.5 to go1.26.0

### Direct Dependencies
- golang.org/x/oauth2: v0.13.0 -> v0.36.0
- google.golang.org/api: v0.151.0 -> v0.273.0

### Indirect Dependencies
- golang.org/x/crypto: v0.14.0 -> v0.49.0 (fixes GHSA-cxfp-7pvr-95ff, GHSA-m6hq-p25p-ffr2)
- golang.org/x/net: v0.17.0 -> v0.52.0 (fixes GHSA-pwhc-rpq9-4c8w, GO-2025-4100)
- golang.org/x/sys: v0.30.0 -> v0.42.0
- golang.org/x/text: v0.13.0 -> v0.35.0
- google.golang.org/grpc: v1.59.0 -> v1.79.3 (fixes GO-2025-3701, GO-2025-4108)
- google.golang.org/protobuf: v1.31.0 -> v1.36.11
- cloud.google.com/go/compute/metadata: v0.3.0 -> v0.9.0
- github.com/google/uuid: v1.4.0 -> v1.6.0
- github.com/google/s2a-go: v0.1.7 -> v0.1.9
- github.com/googleapis/gax-go/v2: v2.12.0 -> v2.19.0
- github.com/googleapis/enterprise-certificate-proxy: v0.3.2 -> v0.3.14
- github.com/golang/protobuf: v1.5.3 -> v1.5.4

### Removed Deprecated Dependencies
- google.golang.org/appengine (replaced by cloud.google.com/go/auth)
- go.opencensus.io (replaced by OpenTelemetry)
- github.com/golang/groupcache (no longer required)

### Security Advisories Addressed
- GHSA-cxfp-7pvr-95ff
- GHSA-m6hq-p25p-ffr2
- GHSA-pwhc-rpq9-4c8w
- GO-2025-3701
- GO-2025-4100
- GO-2025-4108
- GO-2025-4222

Jira: CI-21700

AI-Session-Id: 19c22c7e-e7b2-4ad7-b79c-ad4b6ca263fe
AI-Tool: claude-code
AI-Model: global.anthropic.claude-sonnet-4-6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@abhay084