[release-ocm-2.13] ACM-35866: CVE-2026-39828 Bump golang.org/x/crypto to v0.52.0#10657
Conversation
|
@shay23bra: This pull request references ACM-35866 which is a valid jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## release-ocm-2.13 #10657 +/- ##
=================================================
Coverage 42.75% 42.75%
=================================================
Files 347 347
Lines 65964 65964
=================================================
+ Hits 28204 28206 +2
+ Misses 35225 35224 -1
+ Partials 2535 2534 -1 🚀 New features to boost your workflow:
|
|
@shay23bra: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: gamli75, shay23bra The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
614feda
into
openshift:release-ocm-2.13
Bump
golang.org/x/cryptotov0.52.0to fixCVE-2026-39828Strategy Selection
Strategies Not Applicable
Direct dependency major version upgrade
Not applicable: all fixed versions are within same major version. Would use simple direct update instead.
Indirect dependency fix via parent update
Not applicable: dependency is direct. Introducer updates only apply to indirect dependencies.
Indirect to direct dependency conversion
Not applicable: dependency is direct. Indirect to direct conversion only works for transitive dependencies.
Replace directive workaround
Not applicable: replace directive already exists. Cannot add duplicate replace entries.
✓ Successful Strategy: Direct dependency version bump
Direct version bump within same major version.
https://redhat.atlassian.net/browse/ACM-35866
This PR was automatically generated by the CVE Automation tool.
For questions or issues, reach out in #cve-automation.