Skip to content

fix: bump vulnerable dependencies per Dependabot security alerts#11

Merged
els0r merged 1 commit into
mainfrom
claude/apply-dependabot-updates-gBPuD
Mar 24, 2026
Merged

fix: bump vulnerable dependencies per Dependabot security alerts#11
els0r merged 1 commit into
mainfrom
claude/apply-dependabot-updates-gBPuD

Conversation

@els0r

@els0r els0r commented Mar 24, 2026

Copy link
Copy Markdown
Owner

Addresses all 4 Dependabot security findings in metrics and tracing modules.

- golang.org/x/net: v0.33.0 → v0.36.0 (metrics), v0.50.0 (tracing)
  Fixes CVE-2025-22870, CVE-2025-22872 (Moderate)
- golang.org/x/crypto: v0.31.0 → v0.35.0 (metrics)
  Fixes CVE-2025-22869 (High), CVE-2025-58181, CVE-2025-47914 (Moderate)
- go.opentelemetry.io/otel/sdk: v1.30.0 → v1.40.0 (tracing)
  Fixes CVE-2026-24051 (High)
- google.golang.org/grpc: v1.67.0 → v1.79.3 (tracing)
  Fixes CVE-2026-33186 (Critical)

https://claude.ai/code/session_014eGo3kWPpmJ7uj8SFCwffN
@els0r els0r merged commit b844c2c into main Mar 24, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants