Skip to content

Comments

VULN UPGRADE: minor upgrades — 6 packages (minor: 1 · patch: 5) #109

Open
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/go/0-1770981547
Open

VULN UPGRADE: minor upgrades — 6 packages (minor: 1 · patch: 5) #109
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/go/0-1770981547

Conversation

@campaigner-prod
Copy link

@campaigner-prod campaigner-prod bot commented Feb 13, 2026

Summary: High-severity security update — 6 packages upgraded (MINOR changes included)

Manifests changed:

  • . (go)

Updates

Package From To Type Vulnerabilities Fixed
github.com/containerd/containerd v1.7.20 v1.7.30 patch 3 HIGH, 2 MODERATE, 4 MEDIUM
github.com/stretchr/testify v1.9.0 v1.11.1 minor -
github.com/opencontainers/image-spec v1.1.0 v1.1.1 patch -
github.com/sirupsen/logrus v1.9.3 v1.9.4 patch -
github.com/urfave/cli/v2 v2.27.2 v2.27.7 patch -
oras.land/oras-go v1.2.6 v1.2.7 patch -

Packages marked with "-" are updated due to dependency constraints.

Security Details

🚨 Critical & High Severity (3 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
github.com/containerd/containerd GHSA-pwhc-rpq9-4c8w HIGH containerd affected by a local privilege escalation via wide permissions on CRI directory v1.7.20 1.7.29
github.com/containerd/containerd CVE-2024-25621 HIGH containerd affected by a local privilege escalation via wide permissions on CRI directory v1.7.20 -
github.com/containerd/containerd GO-2025-4100 HIGH containerd affected by a local privilege escalation via wide permissions on CRI directory in github.com/containerd/containerd v1.7.20 1.7.29
ℹ️ Other Vulnerabilities (6)
Package CVE Severity Summary Unsafe Version Fixed In
github.com/containerd/containerd GO-2025-3528 medium containerd has an integer overflow in User ID handling in github.com/containerd/containerd v1.7.20 1.6.38
github.com/containerd/containerd CVE-2024-40635 medium containerd has an integer overflow in User ID handling v1.7.20 -
github.com/containerd/containerd GO-2025-4108 medium containerd CRI server: Host memory exhaustion through Attach goroutine leak in github.com/containerd/containerd v1.7.20 1.7.29
github.com/containerd/containerd CVE-2025-64329 medium containerd CRI server: Host memory exhaustion through Attach goroutine leak v1.7.20 -
github.com/containerd/containerd GHSA-265r-hfxg-fhmg MODERATE containerd has an integer overflow in User ID handling v1.7.20 1.7.27
github.com/containerd/containerd GHSA-m6hq-p25p-ffr2 MODERATE containerd CRI server: Host memory exhaustion through Attach goroutine leak v1.7.20 1.7.29

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-go adms-high-severity adms-medium-severity adms-minor-update adms-mode-all-updates campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants