This is an automated email from the ASF dual-hosted git repository.
kezhenxu94 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/skywalking-satellite.git
The following commit(s) were added to refs/heads/main by this push:
new d76f3b5 cves: bump Go from 1.26.2 to 1.26.3 to fix stdlib CVEs (#250)
d76f3b5 is described below
commit d76f3b5c413c5dd5ba16d61ed02520f72fbb272b
Author: tetrate-ci[bot] <[email protected]>
AuthorDate: Sat May 9 14:15:19 2026 +0800
cves: bump Go from 1.26.2 to 1.26.3 to fix stdlib CVEs (#250)
Bumps the Go toolchain from 1.26.2 to 1.26.3 to fix the following
stdlib CVEs:
- CVE-2026-39825
- CVE-2026-39836
- CVE-2026-42499
- CVE-2026-33811
- CVE-2026-39826
- CVE-2026-39820
- CVE-2026-33814
- CVE-2026-39823
Changes:
- docker/Dockerfile: golang:1.26.2 -> golang:1.26.3
- go.mod: toolchain go1.26.2 -> go1.26.3
Co-authored-by: Security Agent <[email protected]>
---
docker/Dockerfile | 2 +-
go.mod | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index fa376ac..c96c0be 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -14,7 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-FROM golang:1.26.2 AS build
+FROM golang:1.26.3 AS build
ARG VERSION="latest"
ARG TARGETARCH
diff --git a/go.mod b/go.mod
index 2189a49..b4e967a 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module github.com/apache/skywalking-satellite
go 1.25.0
-toolchain go1.26.2
+toolchain go1.26.3
require (
github.com/Shopify/sarama v1.27.2
