Skip to content

[release/2.2.3m1] Bump go-jose/go-jose to v4.1.4 to fix GHSA-78h2-9frx-2jm8#14

Merged
smerkviladze merged 1 commit intoMirantis:release/2.2.3m1from
smerkviladze:release/2.2.3m1-cve-2026-34986
Apr 30, 2026
Merged

[release/2.2.3m1] Bump go-jose/go-jose to v4.1.4 to fix GHSA-78h2-9frx-2jm8#14
smerkviladze merged 1 commit intoMirantis:release/2.2.3m1from
smerkviladze:release/2.2.3m1-cve-2026-34986

Conversation

@smerkviladze
Copy link
Copy Markdown
Collaborator

@smerkviladze smerkviladze commented Apr 29, 2026
edited
Loading

Bump github.com/go-jose/go-jose/v4 from v4.1.3 to v4.1.4 to address a high-severity vulnerability:

Advisory: GHSA-78h2-9frx-2jm8
Backports containerd#13286

(cherry picked from commit 80311db)

@chrischangcode @smerkviladze
chore: update go-jose for CVE-2026-34986
a13a4fa 
Signed-off-by: Chris Chang <chrischang@microsoft.com>
(cherry picked from commit 5125a2a)
Signed-off-by: Sopho Merkviladze <smerkviladze@mirantis.com>
(cherry picked from commit 80311db)
Signed-off-by: Sopho Merkviladze <smerkviladze@mirantis.com>
@smerkviladze smerkviladze requested a review from corhere April 29, 2026 18:28
@smerkviladze smerkviladze merged commit 15a0cda into Mirantis:release/2.2.3m1 Apr 30, 2026
86 of 90 checks passed
@smerkviladze smerkviladze deleted the release/2.2.3m1-cve-2026-34986 branch April 30, 2026 10:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@corhere corhere corhere approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@smerkviladze @corhere @chrischangcode