Skip to content

fix(deps): vuln minor: github.com/golang/glog, golang.org/x/oauth2 · patch: github.com/sirupsen/logrus [src/checkoutservice]#58

Open
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/go/checkoutservice/8-1783347816
Open

fix(deps): vuln minor: github.com/golang/glog, golang.org/x/oauth2 · patch: github.com/sirupsen/logrus [src/checkoutservice]#58
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/go/checkoutservice/8-1783347816

Conversation

@gh-worker-campaigns-3e9aa4

Copy link
Copy Markdown

Summary: High-severity security update — 3 packages upgraded (MINOR changes included)

Manifests changed:

  • src/checkoutservice (go)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

Package From To Type Dep Type Vulnerabilities Fixed
github.com/sirupsen/logrus v1.9.0 v1.9.4 patch Direct 3 HIGH
golang.org/x/oauth2 v0.3.0 v0.36.0 minor Transitive 2 HIGH
github.com/golang/glog v1.0.0 v1.2.5 minor Transitive 2 MEDIUM

Security Details

🚨 Critical & High Severity (5 fixed)
Package CVE Severity Summary Unsafe Version Fixed In Case
github.com/sirupsen/logrus GHSA-4f99-4q7p-p3gh HIGH Logrus is vulnerable to DoS when using Entry.Writer() v1.9.0 1.8.3 -
github.com/sirupsen/logrus GO-2025-4188 HIGH Logrus is vulnerable to DoS when using Entry.writerScanner in github.com/sirupsen/logrus v1.9.0 1.8.3 -
github.com/sirupsen/logrus CVE-2025-65637 HIGH - v1.9.0 - -
golang.org/x/oauth2 GHSA-6v2p-p543-phr9 HIGH golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability v0.3.0 0.27.0 -
golang.org/x/oauth2 GO-2025-3488 HIGH Unexpected memory consumption during token parsing in golang.org/x/oauth2 v0.3.0 0.27.0 -
ℹ️ Other Vulnerabilities (2)
Package CVE Severity Summary Unsafe Version Fixed In Case
github.com/golang/glog GO-2025-3372 MODERATE Vulnerability when creating log files in github.com/golang/glog v1.0.0 1.2.4 -
github.com/golang/glog GHSA-6wxm-mpqj-6jpf MODERATE Insecure Temporary File usage in github.com/golang/glog v1.0.0 1.2.4 -
⚠️ Dependencies that have Reached EOL (3)
Dependency Unsafe Version EOL Date New Version Path
github.com/golang/glog v1.0.0 - v1.2.5 src/checkoutservice/go.mod
github.com/sirupsen/logrus v1.9.0 Jul 19, 2025 v1.9.4 src/checkoutservice/go.mod
golang.org/x/oauth2 v0.3.0 Dec 6, 2025 v0.36.0 src/checkoutservice/go.mod

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

…: github.com/sirupsen/logrus [src/checkoutservice]
@dd-prapprover-prod-77c48c

dd-prapprover-prod-77c48c Bot commented Jul 7, 2026

Copy link
Copy Markdown

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-07-07T12:14:51Z
  • ⬜ CI tests passed
  • ⬜ Approved
  • ⬜ Merge Started
  • ⬜ Merged

➡️ Current phase: waiting for CI tests to complete...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants