From 477f2687a642a4114f9aa01b70b6258a15fbae08 Mon Sep 17 00:00:00 2001 From: Travis Bischel Date: Tue, 9 Jun 2026 14:06:53 -0600 Subject: [PATCH] [release-2.8] deps: bump Go to 1.26.4 to address Snyk findings Bumps backend/go.mod go directive to 1.26.4 to clear two stdlib HIGH findings still present on the release-2.8 branch: - CVE-2026-27145 / GO-2026-5037 - crypto/x509 resource exhaustion - CVE-2026-42504 / GO-2026-5038 - net/mime resource exhaustion Both fixed in go1.26.4. Backport of the master fix (#2490). Co-Authored-By: Claude Opus 4.8 (1M context) --- backend/go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/go.mod b/backend/go.mod index 857714cbcf..7c557fc782 100644 --- a/backend/go.mod +++ b/backend/go.mod @@ -1,6 +1,6 @@ module github.com/redpanda-data/console/backend -go 1.26.3 +go 1.26.4 require ( buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.35.2-20241127180247-a33202765966.1