Skip to content

fix(deps): vuln minor: github.com/golang/glog, golang.org/x/oauth2 · patch: github.com/sirupsen/logrus [src/checkoutservice]#49

Open
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/go/checkoutservice/8-1781532572
Open

fix(deps): vuln minor: github.com/golang/glog, golang.org/x/oauth2 · patch: github.com/sirupsen/logrus [src/checkoutservice]#49
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/go/checkoutservice/8-1781532572

Conversation

@gh-worker-campaigns-3e9aa4

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented Jun 15, 2026

Copy link
Copy Markdown

Summary: High-severity security update — 3 packages upgraded (MINOR changes included)

Manifests changed:

  • src/checkoutservice (go)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
github.com/sirupsen/logrus v1.9.0 v1.9.4 patch Direct 3 HIGH
golang.org/x/oauth2 v0.3.0 v0.36.0 minor Transitive 2 HIGH
github.com/golang/glog v1.0.0 v1.2.5 minor Transitive 2 MEDIUM

Security Details

🚨 Critical & High Severity (5 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
github.com/sirupsen/logrus GHSA-4f99-4q7p-p3gh HIGH Logrus is vulnerable to DoS when using Entry.Writer() v1.9.0 1.8.3
github.com/sirupsen/logrus CVE-2025-65637 HIGH - v1.9.0 -
github.com/sirupsen/logrus GO-2025-4188 HIGH Logrus is vulnerable to DoS when using Entry.writerScanner in github.com/sirupsen/logrus v1.9.0 1.8.3
golang.org/x/oauth2 GO-2025-3488 HIGH Unexpected memory consumption during token parsing in golang.org/x/oauth2 v0.3.0 0.27.0
golang.org/x/oauth2 GHSA-6v2p-p543-phr9 HIGH golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability v0.3.0 0.27.0
ℹ️ Other Vulnerabilities (2)
Package CVE Severity Summary Unsafe Version Fixed In
github.com/golang/glog GHSA-6wxm-mpqj-6jpf MODERATE Insecure Temporary File usage in github.com/golang/glog v1.0.0 1.2.4
github.com/golang/glog GO-2025-3372 MODERATE Vulnerability when creating log files in github.com/golang/glog v1.0.0 1.2.4
⚠️ Dependencies that have Reached EOL (3)
Dependency Unsafe Version EOL Date New Version Path
github.com/golang/glog v1.0.0 - v1.2.5 src/checkoutservice/go.mod
github.com/sirupsen/logrus v1.9.0 Jul 19, 2025 v1.9.4 src/checkoutservice/go.mod
golang.org/x/oauth2 v0.3.0 Dec 6, 2025 v0.36.0 src/checkoutservice/go.mod

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@gh-worker-campaigns-3e9aa4
ADMS: vuln minor: github.com/golang/glog, golang.org/x/oauth2 · patch…
df73590 
…: github.com/sirupsen/logrus [src/checkoutservice]
@campaigner-prod campaigner-prod Bot marked this pull request as ready for review June 16, 2026 12:18
@dd-prapprover

dd-prapprover Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-06-16T12:21:11Z
  • ⬜ CI tests passed
  • ⬜ Approved
  • ⬜ Merge Started
  • ⬜ Merged

➡️ Current phase: waiting for CI tests to complete...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-fixes-eol adms-go adms-high-severity adms-medium-severity adms-minor-update adms-mode-all-vulns campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants