Skip to content

Commit e02a00e

Browse files
Shelnutt2Shelnutt2
authored
fix: bump go-jose/go-jose/v4 to v4.1.4 (CVE-2026-34986) (#25263)
## Summary Bumps `github.com/go-jose/go-jose/v4` from v4.1.3 to v4.1.4 on the `release/2.29` branch to fix a JWE decryption panic. | CVE | Severity | Advisory | |-----|----------|----------| | CVE-2026-34986 | High | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-34986) | | GHSA-78h2-9frx-2jm8 | High | [GitHub](GHSA-78h2-9frx-2jm8) | ## Changes - `go.mod`: `go-jose/go-jose/v4` v4.1.3 -> v4.1.4 - `go.sum`: updated checksums No code changes; dependency-only bump. Ref: [ENT-55](https://linear.app/codercom/issue/ENT-55), [ENT-65](https://linear.app/codercom/issue/ENT-65) > Generated by Coder Agents ([session](https://linear.app/codercom/issue/ENT-55/ironbank-upgrade-go-jose-to-fix-jwe-decryption-panic-cve-2026-34986#agent-session-f2144e2c))
1 parent bc9ee3b commit e02a00e

2 files changed

Lines changed: 3 additions & 3 deletions

File tree

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -123,7 +123,7 @@ require (
123123
github.com/go-chi/chi/v5 v5.2.4
124124
github.com/go-chi/cors v1.2.1
125125
github.com/go-chi/httprate v0.15.0
126-
github.com/go-jose/go-jose/v4 v4.1.3
126+
github.com/go-jose/go-jose/v4 v4.1.4
127127
github.com/go-logr/logr v1.4.3
128128
github.com/go-playground/validator/v10 v10.28.0
129129
github.com/gofrs/flock v0.13.0

go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -489,8 +489,8 @@ github.com/go-git/go-git/v5 v5.19.0 h1:+WkVUQZSy/F1Gb13udrMKjIM2PrzsNfDKFSfo5tkM
489489
github.com/go-git/go-git/v5 v5.19.0/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ=
490490
github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
491491
github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
492-
github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
493-
github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
492+
github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA=
493+
github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
494494
github.com/go-json-experiment/json v0.0.0-20250725192818-e39067aee2d2 h1:iizUGZ9pEquQS5jTGkh4AqeeHCMbfbjeb0zMt0aEFzs=
495495
github.com/go-json-experiment/json v0.0.0-20250725192818-e39067aee2d2/go.mod h1:TiCD2a1pcmjd7YnhGH0f/zKNcCD06B029pHhzV23c2M=
496496
github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=

0 commit comments

Comments
 (0)