Fix security vulnerabilities by upgrading to Go 1.26.2 #380
- Fixes CVE-2026-32281 (medium) in crypto/x509
- Fixes CVE-2026-32280 (high) in crypto/x509
- Fixes CVE-2026-33810 (high) in crypto/x509
- Fixes CVE-2026-32289 (medium) in html/template

All vulnerabilities are resolved by upgrading from Go 1.26 to 1.26.2
|
@chadlwilson please look into this PR.
|
vulnerabilities identified in our scan
|
I forgot to bump the plugin version, will do it now.
|
How can we make this plugin target the latest Go version then? Please suggest.
|
I've mentioned before - CI always runs with latest golang patch version, as long as it's not locked in go.mod. So a new release just needs to be built with a new plugin version as the release trigger.

html-report/.github/workflows/deploy.yml Lines 14 to 18 in 8ef6993

I've been doing it this way because gauge has dozens of repos, plus dependabot does not support automatic bumping of go version via go.mod that I can find, and there's no way I have time to manually do this across all these repos for every runtime bug.
|
@areddy548 Thank you for contributing to html-report. Your pull request has been labeled as a release candidate 🎉🎉. Merging this PR will trigger a release. Please bump up the version as part of this PR. Instructions to bump the version can be found at CONTRIBUTING.md. If the CONTRIBUTING.md file does not exist or does not include instructions about bumping up the version, please look at previous commits in git history to see what changes need to be done.
|
Can see in the actions logs:
|
@chadlwilson Thank you for your support. |
All vulnerabilities will be resolved by upgrading from Go 1.26 to 1.26.2
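
A check for the "locked in go.mod" condition raised in the thread, as an added example that is not code from this PR or from the html-report project. It assumes "locked" means a `go` or `toolchain` directive that names an exact release; `PinnedBelowFloor`, `Finding` and the sample go.mod text are hypothetical names and constructed input.

```go
package main

import (
	"bufio"
	"fmt"
	"go/version"
	"strings"
)

const patchedFloor = "go1.26.2" // release this PR upgrades to

// Finding is one go.mod directive that names an exact release below the floor.
type Finding struct {
	Directive string // "go" or "toolchain"
	Version   string // normalised, e.g. "go1.26.0"
}

// PinnedBelowFloor reports "go"/"toolchain" directives naming a full release older
// than floor. A bare language version ("go 1.26") names no patch and is skipped.
func PinnedBelowFloor(gomod, floor string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop trailing comments
		f := strings.Fields(line)
		if len(f) != 2 || (f[0] != "go" && f[0] != "toolchain") {
			continue
		}
		v := f[1]
		if !strings.HasPrefix(v, "go") {
			v = "go" + v // the go directive omits the "go" prefix
		}
		if !version.IsValid(v) || version.Lang(v) == v {
			continue // malformed, or language version only
		}
		if version.Compare(v, floor) < 0 {
			out = append(out, Finding{f[0], v})
		}
	}
	return out
}

func main() {
	// Constructed sample, not the project's go.mod.
	sample := "module example.com/plugin\n\ngo 1.26.0\n\ntoolchain go1.26.1\n"
	for _, f := range PinnedBelowFloor(sample, patchedFloor) {
		fmt.Printf("%s directive pins %s, below %s\n", f.Directive, f.Version, patchedFloor)
	}
}
```

An empty result means go.mod itself names no release older than the floor; which toolchain CI actually installs is decided by the workflow and is outside what this check sees.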