Skip to content

[release-1.41] Bump Jose to v4.1.4, CVE-2026-34986#6792

Merged
lsm5 merged 2 commits intocontainers:release-1.41from
TomSweeneyRedHat:dev/tsweeney/release-1.41-cve-2026-34986
Apr 17, 2026
Merged

[release-1.41] Bump Jose to v4.1.4, CVE-2026-34986#6792
lsm5 merged 2 commits intocontainers:release-1.41from
TomSweeneyRedHat:dev/tsweeney/release-1.41-cve-2026-34986

Conversation

@TomSweeneyRedHat
Copy link
Copy Markdown
Member

@TomSweeneyRedHat TomSweeneyRedHat commented Apr 16, 2026

Bump github.com/go-jose/go-jose/v4 to v4.1.4 to address [release-1.41] Bump Jose to v4.1.4, CVE-2026-34986

Fixes: https://redhat.atlassian.net/browse/RHEL-165027, https://redhat.atlassian.net/browse/RHEL-164999

What type of PR is this?

/kind api-change
/kind bug
/kind cleanup
/kind deprecation
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake
/kind other

What this PR does / why we need it:

How to verify it

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?

None

@TomSweeneyRedHat
[release-1.41] Bump Jose to v4.1.4, CVE-2026-34986
f5f72cf 
Bump github.com/go-jose/go-jose/v4 to v4.1.4 to address CVE-2026-34986

Fixes: https://redhat.atlassian.net/browse/RHEL-165027, https://redhat.atlassian.net/browse/RHEL-164999

Signed-off-by: Tom Sweeney <tsweeney@redhat.com>
@TomSweeneyRedHat
[release-1.41] Bump Buildah to 1.41.9
3d87503 
Bump Buildah to v1.41.9

Signed-off-by: Tom Sweeney <tsweeney@redhat.com>
@TomSweeneyRedHat TomSweeneyRedHat added the No New Tests Allow PR to proceed without adding regression tests label Apr 16, 2026
@dosubot dosubot bot added the size:S This PR changes 10-29 lines, ignoring generated files. label Apr 16, 2026
nalind
nalind approved these changes Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@nalind nalind left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

lsm5
lsm5 approved these changes Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@lsm5 lsm5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lsm5 lsm5 merged commit 9054270 into containers:release-1.41 Apr 17, 2026
35 of 39 checks passed
@TomSweeneyRedHat TomSweeneyRedHat deleted the dev/tsweeney/release-1.41-cve-2026-34986 branch April 17, 2026 18:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lsm5 lsm5 lsm5 approved these changes

@nalind nalind nalind approved these changes

Assignees

No one assigned

Labels

No New Tests Allow PR to proceed without adding regression tests size:S This PR changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@TomSweeneyRedHat @lsm5 @nalind