v26.2.9
Patch security vulnerabilities in dependencies
Bump several dependencies to patched versions to address security advisories reported by Dependabot.
Notable updates:
- github.com/jackc/pgx/v5 to v5.9.2 across all Go modules (SQL injection via placeholder confusion in dollar-quoted string literals).
- github.com/moby/spdystream to v0.5.1 (denial of service on container runtime interface).
- go.opentelemetry.io/otel to v1.41.0 (remote DoS amplification via multi-value baggage header).
- postcss to >=8.5.10 (XSS via unescaped </style> in CSS stringify output).
- uuid to >=14.0.0 (missing buffer bounds check in v3/v5/v6 generators).
- @xmldom/xmldom to >=0.8.13 (XML node injection and uncontrolled recursion).
- axios, follow-redirects, lodash, picomatch, brace-expansion, serialize-javascript, yaml, file-type, i18next-fs-backend, @nestjs/core to their respective patched versions.
