From 2bc7c453487dc0de7c89b94ccbc7d2f728b11ce8 Mon Sep 17 00:00:00 2001 From: Shay Bratslavsky Date: Mon, 13 Jul 2026 12:19:34 +0300 Subject: [PATCH 1/2] ACM-35705: CVE-2026-39830 Bump golang.org/x/crypto to v0.52.0 through indirect dependency conversion --- models/go.mod | 2 ++ models/vendor/modules.txt | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/models/go.mod b/models/go.mod index e258b2388e26..705dd27af84d 100644 --- a/models/go.mod +++ b/models/go.mod @@ -28,5 +28,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/oklog/ulid v1.3.1 // indirect go.mongodb.org/mongo-driver v1.12.0 // indirect + golang.org/x/crypto v0.52.0 // indirect + golang.org/x/text v0.37.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/models/vendor/modules.txt b/models/vendor/modules.txt index 9be6e8124ead..54b0af4cbd26 100644 --- a/models/vendor/modules.txt +++ b/models/vendor/modules.txt @@ -71,6 +71,10 @@ go.mongodb.org/mongo-driver/bson/bsonrw go.mongodb.org/mongo-driver/bson/bsontype go.mongodb.org/mongo-driver/bson/primitive go.mongodb.org/mongo-driver/x/bsonx/bsoncore +# golang.org/x/crypto v0.52.0 +## explicit; go 1.25.0 +# golang.org/x/text v0.37.0 +## explicit; go 1.25.0 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 From f99aeaf72888ca71fdabda786206bfb1471b44ad Mon Sep 17 00:00:00 2001 From: Shay Bratslavsky Date: Thu, 16 Jul 2026 11:59:17 +0300 Subject: [PATCH 2/2] fix: sync vendor after rebase --- models/go.mod | 2 -- 1 file changed, 2 deletions(-) diff --git a/models/go.mod b/models/go.mod index 705dd27af84d..e258b2388e26 100644 --- a/models/go.mod +++ b/models/go.mod @@ -28,7 +28,5 @@ require ( github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/oklog/ulid v1.3.1 // indirect go.mongodb.org/mongo-driver v1.12.0 // indirect - golang.org/x/crypto v0.52.0 // indirect - golang.org/x/text v0.37.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect )