Skip to content

[2.14] fix cves in docker client library + go-jwt + bump golang version#372

Merged
thatmidwesterncoder merged 2 commits into
rancher:release/v2.14from
thatmidwesterncoder:cve_remediations_214
Jun 4, 2026
Merged

[2.14] fix cves in docker client library + go-jwt + bump golang version#372
thatmidwesterncoder merged 2 commits into
rancher:release/v2.14from
thatmidwesterncoder:cve_remediations_214

Conversation

@thatmidwesterncoder
Copy link
Copy Markdown

@thatmidwesterncoder thatmidwesterncoder commented Jun 3, 2026

Issue: rancher/rancher#55282

Parent Issue: rancher/rancher#55284

Bumping a few things to lower the CVE count, notably:

  • docker/docker library
  • go-jwt library
  • golang version to latest minor

@thatmidwesterncoder thatmidwesterncoder requested review from a team and Copilot June 3, 2026 18:29
@thatmidwesterncoder thatmidwesterncoder marked this pull request as ready for review June 3, 2026 18:30
Copilot AI reviewed Jun 3, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates module/toolchain dependencies to reduce reported CVEs, including bumping the Docker client library and go-jwt, with a small code adjustment to match the newer Docker API types.

Changes:

  • Bump github.com/docker/docker from v25.0.8 to v28.5.2 and update ImagePull options type usage accordingly.
  • Bump github.com/golang-jwt/jwt/v4 from v4.5.0 to v4.5.2.
  • Bump Go toolchain patch version from go1.25.7 to go1.25.10 and refresh go.sum for new transitive dependencies.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

File Description
libmachine/mcndockerclient/docker_client.go Updates Docker client imports/types for ImagePull with the newer Docker library version.
go.mod Bumps Docker + JWT dependencies and updates Go toolchain patch version.
go.sum Updates checksums to match the dependency bumps and new transitive modules.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread libmachine/mcndockerclient/docker_client.go Outdated
@HarrisonWAffel HarrisonWAffel requested a review from a team June 4, 2026 20:10
@thatmidwesterncoder thatmidwesterncoder merged commit b72049e into rancher:release/v2.14 Jun 4, 2026
1 check passed
@thatmidwesterncoder thatmidwesterncoder deleted the cve_remediations_214 branch June 4, 2026 20:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@HarrisonWAffel HarrisonWAffel HarrisonWAffel approved these changes

@snasovich snasovich snasovich approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@thatmidwesterncoder @HarrisonWAffel @snasovich