Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.71.1 to 1.97.3 #1137
37a3691 to f179eed
@dependabot rebase
Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.71.1 to 1.97.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.71.1...service/s3/v1.97.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.97.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
f179eed to 1c44ee0
Kusari Analysis Results:
Both dependency and code security analyses independently recommend proceeding with no blocking issues. The PR updates 11 transitive AWS SDK for Go v2 packages (indirect dependencies via gocloud.dev@v0.40.0) and remediates GHSA-xmrv-pmrh-hhx2 (CVSS 5.9 Medium), a DoS vulnerability in the EventStream header decoder that could allow remote actors to crash the host process via malformed frames. The vulnerability is confirmed fixed in the new versions, as it only appears in OldVersionVulns for aws-sdk-go-v2/service/s3 (1.71.1) and aws/protocol/eventstream (1.6.7).

All updated packages carry zero active advisories, are not deprecated or end-of-life, score 10/10 on maintenance, and use permissive licenses (Apache-2.0, BSD-3-Clause). The code analysis returned zero findings across all categories including no exposed secrets and no workflow issues. The combined risk profile is strictly positive: this PR reduces the attack surface with no new risks introduced.

Note: View full detailed analysis result for more information on the output and the checks that were run.
Kusari PR Analysis rerun based on - 1c44ee0 performed at: 2026-05-15T00:47:40Z - link to updated analysis

Kusari PR Analysis rerun based on - 1c44ee0 performed at: 2026-05-15T02:02:15Z - link to updated analysis
Bumps github.com/aws/aws-sdk-go-v2/service/s3 from 1.71.1 to 1.97.3.
Commits
- 90650dd Release 2026-03-26
- dd88818 Regenerated Clients
- b662c50 Update endpoints model
- 500a9cb Update API model
- 6221102 fix stale skew and delayed skew healing (#3359)
- 0a39373 fix order of generated event header handlers (#3361)
- 098f389 Only generate resolveAccountID when it's required (#3360)
- 6ebab66 Release 2026-03-25
- b2ec3be Regenerated Clients
- abc126f Update API model