This is an automated email from the ASF dual-hosted git repository.
kezhenxu94 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/skywalking-satellite.git
The following commit(s) were added to refs/heads/main by this push:
new 0a9f661 cves: bump go to 1.26.5 to fix CVE-2026-42505 and
CVE-2026-39822 (#268)
0a9f661 is described below
commit 0a9f661ade9cf0c1a5d34a83f808a7aec8be1627
Author: tetrate-ci[bot] <[email protected]>
AuthorDate: Thu Jul 9 17:28:34 2026 +0800
cves: bump go to 1.26.5 to fix CVE-2026-42505 and CVE-2026-39822 (#268)
Bumps the Go toolchain from 1.26.4 to 1.26.5 in docker/Dockerfile and
the toolchain directive in go.mod to fix two Go stdlib CVEs.
Fixes CVE-2026-42505, CVE-2026-39822
Co-authored-by: Security Agent <[email protected]>
---
docker/Dockerfile | 2 +-
go.mod | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 8679d04..4eeab52 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -14,7 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-FROM golang:1.26.4 AS build
+FROM golang:1.26.5 AS build
ARG VERSION="latest"
ARG TARGETARCH
diff --git a/go.mod b/go.mod
index c6139fa..8b9fddc 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module github.com/apache/skywalking-satellite
go 1.26.0
-toolchain go1.26.4
+toolchain go1.26.5
require (
github.com/Shopify/sarama v1.27.2