kezhenxu94 opened a new pull request, #235: URL: https://github.com/apache/skywalking-satellite/pull/235
## Summary Fix the following CVEs in the satellite component: | CVE | Severity | Package | Fix | |-----|----------|---------|-----| | CVE-2026-33186 | CRITICAL | google.golang.org/grpc | Upgraded from v1.78.0 to v1.79.3 | | CVE-2026-25679 | HIGH | stdlib | Upgraded Go toolchain to go1.25.8 | | CVE-2026-27142 | MEDIUM | stdlib | Upgraded Go toolchain to go1.25.8 | | CVE-2026-27171 | MEDIUM | zlib | Updated base image alpine:3.21 with apk -U upgrade | | CVE-2025-60876 | MEDIUM | busybox | Updated base image alpine:3.21 with apk -U upgrade | ## Changes - Upgraded `google.golang.org/grpc` from v1.78.0 to v1.79.3 - Set Go toolchain to `go1.25.8` to fix stdlib CVEs (CVE-2026-25679, CVE-2026-27142) - Updated builder image to `golang:1.25.8` - Runtime image uses `alpine:3.21` with `apk -U upgrade` to pick up patched busybox and zlib packages -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
