chore: Bump deps to resolve CVEs by brendan-kellam · Pull Request #14 · sourcebot-dev/zoekt

brendan-kellam · 2026-05-16T00:01:25Z

No description provided.

- google.golang.org/grpc 1.75.0 -> 1.80.0 (addresses GHSA critical sourcebot-dev#11: authorization bypass via missing leading slash in :path). - go.opentelemetry.io/otel* 1.42.0/1.33.0 -> 1.43.0 (addresses sourcegraph#15 high: BSD kenv PATH hijack, and sourcebot-dev#14 medium: unbounded OTLP HTTP response body). Fixes Dependabot alerts 11, 14, 15 on sourcebot-dev/zoekt. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

bump deps for CVEs

9dcb139

brendan-kellam merged commit 2566953 into main May 16, 2026
14 of 15 checks passed

brendan-kellam deleted the bkellam/fix-cves branch May 16, 2026 00:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: Bump deps to resolve CVEs#14

chore: Bump deps to resolve CVEs#14
brendan-kellam merged 1 commit into
mainfrom
bkellam/fix-cves

brendan-kellam commented May 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

brendan-kellam commented May 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant