Skip to content

fix: update golang.org/x/oauth2 to v0.27.0 #806

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
henschwartz wants to merge 1 commit into
base: notebooks-v1
Choose a base branch
from
Open

fix: update golang.org/x/oauth2 to v0.27.0 #806

henschwartz wants to merge 1 commit into from
+6 −7

Conversation

@henschwartz
Copy link

@henschwartz henschwartz commented Dec 15, 2025

Fixes CVE-2025-22868

This PR updates golang.org/x/oauth2 from v0.0.0-20210819190943-2bc19b11175f
to v0.27.0 to address security vulnerabilities identified in the v1.11 release scan.

Changes:

  • Updated golang.org/x/oauth2 to v0.27.0
  • Updated github.com/google/go-cmp to v0.5.9 (dependency of oauth2)
  • Removed google.golang.org/appengine (no longer required)
  • Ran go mod tidy to update dependencies
  • Verified build succeeds with go build

Related: #780

fix: update golang.org/x/oauth2 to v0.27.0
f9d7d99 
Fixes CVE-2025-22868

This PR updates golang.org/x/oauth2 from v0.0.0-20210819190943-2bc19b11175f
to v0.27.0 to address security vulnerabilities identified in the v1.11 release scan.

Changes:
- Updated golang.org/x/oauth2 to v0.27.0
- Updated github.com/google/go-cmp to v0.5.9 (dependency of oauth2)
- Removed google.golang.org/appengine (no longer required)
- Ran go mod tidy to update dependencies
- Verified build succeeds with go build

Related: kubeflow#780 (PR 3)
@github-project-automation github-project-automation bot moved this to Needs Triage in Kubeflow Notebooks Dec 15, 2025
@google-oss-prow google-oss-prow bot added the area/controller area - related to controller components label Dec 15, 2025
@google-oss-prow
Copy link

google-oss-prow bot commented Dec 15, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign thesuperzapper for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@google-oss-prow google-oss-prow bot added area/v1 area - version - kubeflow notebooks v1 size/S labels Dec 15, 2025
@henschwartz
Copy link
Author

henschwartz commented Dec 15, 2025

image

tests:
https://github.com/kubeflow/notebooks/actions/runs/20237597330/job/58096400451?pr=806
https://github.com/kubeflow/notebooks/actions/runs/20237597559/job/58096401136?pr=806
https://github.com/kubeflow/notebooks/actions/runs/20237597275/job/58096400473?pr=806

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kimwnasptd kimwnasptd Awaiting requested review from kimwnasptd

@thesuperzapper thesuperzapper Awaiting requested review from thesuperzapper

Assignees

No one assigned

Labels

area/controller area - related to controller components area/v1 area - version - kubeflow notebooks v1 size/S

Projects

Kubeflow Notebooks
Status: Needs Triage

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@henschwartz