Skip to content

fix(deps): vuln oras.land/oras-go (patch → v1.2.7) #131

Merged
dd-prapprover-prod-77c48c[bot] merged 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/go/1-1783415527
Jul 7, 2026
Merged

fix(deps): vuln oras.land/oras-go (patch → v1.2.7) #131
dd-prapprover-prod-77c48c[bot] merged 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/go/1-1783415527

Conversation

@gh-worker-campaigns-3e9aa4

Copy link
Copy Markdown
Contributor

Summary: Security update — 1 package upgraded (patch changes only)

Manifests changed:

  • . (go)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

Package From To Type Dep Type Vulnerabilities Fixed
oras.land/oras-go v1.2.6 v1.2.7 patch Direct 1 LOW

Security Details

ℹ️ Other Vulnerabilities (1)
Package CVE Severity Summary Unsafe Version Fixed In Case
oras.land/oras-go GHSA-xf85-363p-868w LOW oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens v1.2.6 - -

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@dd-prapprover-prod-77c48c

dd-prapprover-prod-77c48c Bot commented Jul 7, 2026

Copy link
Copy Markdown

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-07-07T14:24:46Z
  • ✅ CI tests passed - 2026-07-07T14:24:49Z
  • ✅ Approved (commit: d63c8f5) - 2026-07-07T14:24:51Z
  • ✅ Merge Started
  • ✅ Merged - 2026-07-07T14:25:02Z

➡️ Current phase: PR merged successfully! ✅

@dd-prapprover-prod-77c48c dd-prapprover-prod-77c48c Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR has been automatically approved by the DD PR Approver bot.

@dd-prapprover-prod-77c48c dd-prapprover-prod-77c48c Bot merged commit bb69b2e into main Jul 7, 2026
2 checks passed
@dd-prapprover-prod-77c48c dd-prapprover-prod-77c48c Bot deleted the engraver-auto-version-upgrade/minorpatch/go/1-1783415527 branch July 7, 2026 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants