[release-1.29] Bump Go Jose to v3.0.5, CVE-2026-34986, Buildah to v1.29.8 #6825
Bump Go Jose to v3.0.5 to address CVE-2026-34986
Fixes: https://redhat.atlassian.net/browse/RHEL-164978, https://redhat.atlassian.net/browse/RHEL-165539
[NO NEW TESTS NEEDED]
Signed-off-by: Tom Sweeney <tsweeney@redhat.com>
lsm5 left a comment
@TomSweeneyRedHat the Unit tests w/ overlay is warning of some rhel 9.8/10.2 support. The change itself LGTM.
I'd be happy to hit merge but anyway, @containers/buildah-maintainers PTAL
That check in setup.sh should be removed.
we should switch these branches over to something like: #6796. Currently that's failing too for some reason I'll check on next week once CZ is back online. @TomSweeneyRedHat do you wanna remove the check in setup.sh? Else, I don't mind checking
Adjust the Makefile's go version for vendor-in-container to v1.24 to match the go.mod. Also remove the EOL check from cirrus as the date has been pushed out by the RHEL program.
Signed-off-by: Tom Sweeney <tsweeney@redhat.com>
Bump Buildah to 1.29.8
Signed-off-by: Tom Sweeney <tsweeney@redhat.com>
93685c9 to 23dbdb3
I'm gonna bypass rules and merge this. We don't need to care about debian here AFAICT.
44f67f3 into podman-container-tools:release-1.29
Bump Go Jose to v3.0.5 to address CVE-2026-34986
Fixes: https://redhat.atlassian.net/browse/RHEL-164978, https://redhat.atlassian.net/browse/RHEL-165539
What type of PR is this?
What this PR does / why we need it:
How to verify it
Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?