ROX-33925: bump github.com/russellhaering/goxmldsig from 1.5.0 to 1.6.0 #19691

Open
vladbologa wants to merge 1 commit into release-4.10 from vb/bump-goxmldsig-4.10
Contributor

@vladbologa vladbologa commented Mar 30, 2026

Description

Bump github.com/russellhaering/goxmldsig to 1.6.0 to fix CVE-2026-33487

Note that Stackrox is not affected by CVE-2026-33487 because it uses go > 1.22, but patching this will nevertheless help to not get flagged incorrectly by scanners.

Related to ROX-33870 ROX-33871 ROX-33872 ROX-33873

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

CI is sufficient

@vladbologa vladbologa requested a review from a team as a code owner March 30, 2026 16:51
@github-actions github-actions bot added the backport (PR to backport changes from master to release branch) label Mar 30, 2026
@rhacs-bot
Contributor

Images are ready for the commit at 284c519.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.10.1-rc.0-19-g284c51998a.

@codecov

codecov bot commented Mar 30, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.34%. Comparing base (b7d5016) to head (284c519).

Additional details and impacted files
@@               Coverage Diff                @@
##           release-4.10   #19691      +/-   ##
================================================
- Coverage         49.34%   49.34%   -0.01%     
================================================
  Files              2661     2661              
  Lines            200828   200828              
================================================
- Hits              99105    99102       -3     
- Misses            94279    94281       +2     
- Partials           7444     7445       +1     
| Flag | Coverage Δ |
|---|---|
| go-unit-tests | 49.34% <ø> (-0.01%) ⬇️ |


@openshift-ci

openshift-ci bot commented Mar 30, 2026

@vladbologa: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/gke-nongroovy-compatibility-tests | 284c519 | link | false | /test gke-nongroovy-compatibility-tests |


@vladbologa vladbologa changed the title from "chore(deps): bump github.com/russellhaering/goxmldsig from 1.5.0 to 1.6.0" to "ROX-33925: bump github.com/russellhaering/goxmldsig from 1.5.0 to 1.6.0" Mar 31, 2026