Skip to content

fix(security): go security fixes (2026-05-25)#1327

Open
github-actions[bot] wants to merge 1 commit into
newjitsufrom
security/fix-go-2026-05-25
Open

fix(security): go security fixes (2026-05-25)#1327
github-actions[bot] wants to merge 1 commit into
newjitsufrom
security/fix-go-2026-05-25

Conversation

@github-actions

Copy link
Copy Markdown
Contributor

Summary

Batch Go security fixes for moderate+ Dependabot alerts with available resolvable versions.

Included fixes

  • CVE-2026-46680 (high): containerd user ID handling bypass allows runAsNonRoot evasion — github.com/containerd/containerd/v2 2.2.2 -> 2.2.4

Risks

  • No major version bumps in the applied fix.
  • github.com/docker/docker alerts were not included in this PR: Dependabot provided 29.3.1, but github.com/docker/docker@v29.3.1 is not a published Go module revision (latest available series in module proxy is v28.x +incompatible).
  • Alerts with fixed_version: null were skipped.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants