Skip to content

fix: Update dependencies#773

Merged
maciaszczykm merged 3 commits into
mainfrom
update-dependencies
Jul 7, 2026
Merged

fix: Update dependencies#773
maciaszczykm merged 3 commits into
mainfrom
update-dependencies

Conversation

@maciaszczykm

Copy link
Copy Markdown
Member

No description provided.

@maciaszczykm maciaszczykm added the bug-fix This pull request fixes a bug label Jul 7, 2026
@socket-security

socket-security Bot commented Jul 7, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedcloud.google.com/​go/​compute@​v1.54.0 ⏵ v1.64.076 +110010010060
Updatedgithub.com/​hashicorp/​go-bexpr@​v0.1.15 ⏵ v0.1.16100 +110010010070
Updatedgithub.com/​pluralsh/​console/​go/​client@​v1.70.0 ⏵ v0.0.0-20260706120905-5f6ff115eb7110010010010070
Updatedgithub.com/​pluralsh/​console/​go/​controller@​v0.0.0-20260129150042-18e31f596bd7 ⏵ v0.0.0-20260706120905-5f6ff115eb71100 +110010010070
Updatedgolang.org/​x/​oauth2@​v0.35.0 ⏵ v0.36.071100100100100
Updatedgithub.com/​Azure/​azure-sdk-for-go/​sdk/​azcore@​v1.18.0 ⏵ v1.22.071 +1100100100100
Updatedgithub.com/​aws/​aws-sdk-go-v2@​v1.41.5 ⏵ v1.42.171 +1100100100100
Updatedgithub.com/​posthog/​posthog-go@​v1.4.10 ⏵ v1.17.572 -24100100100100
Updatedgithub.com/​google/​go-containerregistry@​v0.20.3 ⏵ v0.21.773 +1100100100100
Updatedgithub.com/​Azure/​azure-sdk-for-go/​sdk/​resourcemanager/​storage/​armstorage@​v1.8.0 ⏵ v1.8.173100100100100
Updatedhelm.sh/​helm/​v3@​v3.20.2 ⏵ v3.21.273 +110010010080
Updatedsigs.k8s.io/​controller-runtime@​v0.23.1 ⏵ v0.24.173 +1100100100100
Updatedgolang.org/​x/​crypto@​v0.52.0 ⏵ v0.53.074 +1100100100100
Updatedk8s.io/​apimachinery@​v0.35.2 ⏵ v0.36.274100100100100
Updatedgitlab.com/​gitlab-org/​api/​client-go@​v0.128.0 ⏵ v1.46.075 +110010010080
Updatedk8s.io/​kubectl@​v0.35.1 ⏵ v0.36.275 +1100100100100
Updatedgoogle.golang.org/​grpc@​v1.79.3 ⏵ v1.82.075 +1100100100100
Updatedk8s.io/​client-go@​v0.35.1 ⏵ v0.36.275 +110010075100
Updatedcloud.google.com/​go/​storage@​v1.57.1 ⏵ v1.63.076 -3100100100100
Updatedk8s.io/​api@​v0.35.1 ⏵ v0.36.276 +1100100100100
Updatedgolang.org/​x/​text@​v0.37.0 ⏵ v0.39.077 +1100100100100
Updatedgoogle.golang.org/​api@​v0.256.0 ⏵ v0.287.079 +1100100100100
Updatedcloud.google.com/​go/​iam@​v1.5.3 ⏵ v1.11.080 -2100100100100
Updatedgithub.com/​Azure/​azure-sdk-for-go/​sdk/​azidentity@​v1.9.0 ⏵ v1.14.082 -5100100100100
Updatedgithub.com/​ktrysmt/​go-bitbucket@​v0.9.83 ⏵ v0.10.083 -2100100100100
Updatedgithub.com/​aws/​aws-sdk-go-v2/​config@​v1.29.14 ⏵ v1.32.2888 +1100100100100
Updatedgithub.com/​urfave/​cli@​v1.22.16 ⏵ v1.22.1791100100100100
Updatedgithub.com/​yuin/​gopher-lua@​v1.1.1 ⏵ v1.1.292100100100100
Updatedgithub.com/​aws/​aws-sdk-go-v2/​service/​s3@​v1.97.3 ⏵ v1.105.093 -1100100100100
Updatedcloud.google.com/​go/​resourcemanager@​v1.10.7 ⏵ v1.15.093100100100100
Updatedgithub.com/​olekukonko/​tablewriter@​v0.0.5 ⏵ v1.1.495 -4100100100100
Updatedk8s.io/​cli-runtime@​v0.35.1 ⏵ v0.36.297100100100100
See 13 more rows in the dashboard

View full report

@socket-security

socket-security Bot commented Jul 7, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: golang github.com/envoyproxy/go-control-plane/envoy is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?golang/google.golang.org/[email protected]golang/github.com/envoyproxy/go-control-plane/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/envoyproxy/go-control-plane/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: golang github.com/envoyproxy/go-control-plane/envoy is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?golang/google.golang.org/[email protected]golang/github.com/envoyproxy/go-control-plane/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/envoyproxy/go-control-plane/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: golang github.com/envoyproxy/go-control-plane/envoy is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?golang/google.golang.org/[email protected]golang/github.com/envoyproxy/go-control-plane/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/envoyproxy/go-control-plane/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: golang github.com/envoyproxy/go-control-plane/envoy is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?golang/google.golang.org/[email protected]golang/github.com/envoyproxy/go-control-plane/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/envoyproxy/go-control-plane/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: golang github.com/envoyproxy/go-control-plane/envoy is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?golang/google.golang.org/[email protected]golang/github.com/envoyproxy/go-control-plane/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/envoyproxy/go-control-plane/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: golang github.com/envoyproxy/go-control-plane/envoy is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?golang/google.golang.org/[email protected]golang/github.com/envoyproxy/go-control-plane/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/envoyproxy/go-control-plane/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: golang github.com/olekukonko/ll is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?golang/github.com/olekukonko/[email protected]golang/github.com/olekukonko/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/olekukonko/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: golang golang.org/x/tools is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?golang/github.com/pluralsh/[email protected]golang/github.com/pluralsh/console/go/[email protected]golang/sigs.k8s.io/[email protected]golang/github.com/go-git/go-git/[email protected]golang/k8s.io/[email protected]golang/k8s.io/[email protected]golang/k8s.io/[email protected]golang/k8s.io/[email protected]golang/github.com/google/[email protected]golang/helm.sh/helm/[email protected]golang/google.golang.org/[email protected]golang/github.com/pluralsh/console/go/[email protected]golang/golang.org/x/[email protected]golang/github.com/pluralsh/console/go/[email protected]golang/gotest.tools/[email protected]golang/github.com/pluralsh/[email protected]golang/github.com/Yamashou/[email protected]golang/golang.org/x/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/golang.org/x/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: golang k8s.io/client-go is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: go.modgolang/k8s.io/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/k8s.io/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@maciaszczykm

Copy link
Copy Markdown
Member Author

@greptileai

@maciaszczykm maciaszczykm merged commit a5e367d into main Jul 7, 2026
14 checks passed
@maciaszczykm maciaszczykm deleted the update-dependencies branch July 7, 2026 12:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug-fix This pull request fixes a bug

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants