fix(deps): update module golang.org/x/oauth2 to v0.27.0 [security] #921
renovate[bot] wants to merge 1 commit into
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## main #921 +/- ##
===========================================
+ Coverage 28.17% 64.52% +36.34%
===========================================
Files 172 172
Lines 21718 21718
===========================================
+ Hits 6119 14013 +7894
+ Misses 15467 7081 -8386
- Partials 132 624 +492
☔ View full report in Codecov by Harness.
Remediation actions: Workflows: "WORKFLOW-42 · SCA PR Comments for all Orgs"
| ID | Vulnerability | CVSS | Exploit maturity | EPSS | Fix version |
|---|---|---|---|---|---|
| CVE-2025-22868 | golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability | 7.5 | No exploit maturity data | Score: 0.00125 Percentile 31.1% | 0.27.0 |
Remediation suggestions
Upgrade to golang.org/x/oauth2 v0.36.0:
1. Go to go.mod
2. Replace vulnerable version v0.26.0 with fix version v0.36.0
Upgrade to golang.org/x/oauth2 v0.27.0:
1. Go to go.mod
2. Replace vulnerable version v0.26.0 with fix version v0.27.0
Repository: terraform-provider-equinix
Applications: ORG - EQUINIX,PROJ: PUBLIC-OPENSOURCE (Auto)
This PR contains the following updates:
v0.26.0 → v0.27.0
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability
CVE-2025-22868 / GHSA-6v2p-p543-phr9
More information
Details
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.