Skip to content

[Release-v0.26.x] fix: CVE-2026-34986, CVE-2026-33211, & CVE-2026-33186#1630

Open
infernus01 wants to merge 1 commit intotektoncd:release-v0.26.xfrom
infernus01:CVE-fix
Open

[Release-v0.26.x] fix: CVE-2026-34986, CVE-2026-33211, & CVE-2026-33186#1630
infernus01 wants to merge 1 commit intotektoncd:release-v0.26.xfrom
infernus01:CVE-fix

Conversation

@infernus01
Copy link
Copy Markdown
Member

@infernus01 infernus01 commented Apr 15, 2026
edited
Loading

Changes

This PR addresses CVEs - CVE-2026-34986, CVE-2026-33211, & CVE-2026-33186.

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

  • Has Docs included if any changes are user facing
  • Has Tests included if any functionality added or changed
  • Follows the commit message standard
  • Meets the Tekton contributor standards (including
    functionality, content, code)
  • Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings)
  • Release notes contains the string "action required" if the change requires additional action from users switching to the new release

Release Notes

NONE

@tekton-robot tekton-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Apr 15, 2026
@tekton-robot tekton-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Apr 15, 2026
@infernus01 infernus01 changed the title fix: CVE-2026-34986 - upgrade go-jose version to v4.1.4 [Release-v0.26.x] fix: CVE-2026-34986, CVE-2026-33211, & CVE-2026-33186 Apr 15, 2026
@infernus01
fix: CVE-2026-34986, CVE-2026-33211, & CVE-2026-33186
7d81676 
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
@anithapriyanatarajan
Copy link
Copy Markdown
Contributor

anithapriyanatarajan commented Apr 15, 2026

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Apr 15, 2026
@anithapriyanatarajan
Copy link
Copy Markdown
Contributor

anithapriyanatarajan commented Apr 15, 2026

/approve

@tekton-robot
Copy link
Copy Markdown

tekton-robot commented Apr 15, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: anithapriyanatarajan
To complete the pull request process, please assign jkhelil after the PR has been reviewed.
You can assign the PR to them by writing /assign @jkhelil in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@anithapriyanatarajan
Copy link
Copy Markdown
Contributor

anithapriyanatarajan commented Apr 15, 2026

/kind misc

@tekton-robot tekton-robot added the kind/misc Categorizes issue or PR as a miscellaneuous one. label Apr 15, 2026
@anithapriyanatarajan
Copy link
Copy Markdown
Contributor

anithapriyanatarajan commented Apr 15, 2026

/ok-to-test

@anithapriyanatarajan
Copy link
Copy Markdown
Contributor

anithapriyanatarajan commented Apr 15, 2026

@lcarva @PuneetPunamiya - Need your help to merge this PR. Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lcarva lcarva Awaiting requested review from lcarva

@PuneetPunamiya PuneetPunamiya Awaiting requested review from PuneetPunamiya

At least 1 approving review is required to merge this pull request.

Assignees

@anithapriyanatarajan anithapriyanatarajan

Labels

kind/misc Categorizes issue or PR as a miscellaneuous one. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@infernus01 @anithapriyanatarajan @tekton-robot