Skip to content

fix: update golang.org/x/oauth2 to v0.27.0 in tensorboard-controller #791

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
yehudit1987 wants to merge 1 commit into
base: notebooks-v1
Choose a base branch
from
Open

fix: update golang.org/x/oauth2 to v0.27.0 in tensorboard-controller #791

yehudit1987 wants to merge 1 commit into from

Conversation

@yehudit1987
Copy link

@yehudit1987 yehudit1987 commented Dec 9, 2025

Update golang.org/x/oauth2 to address CVE-2025-22868, a HIGH severity
security vulnerability identified in the v1.11 release security scan.

Changes to go.mod:

  • golang.org/x/oauth2: v0.0.0-20210819190943 → v0.27.0 (fixes CVE)
  • github.com/google/go-cmp: v0.5.5 → v0.5.9 (transitive update)
  • google.golang.org/appengine: removed (no longer required)

Validation performed:

  • go mod tidy: passed
  • go build: passed
  • go vet: passed (no deprecation warnings)
  • Unit tests: passed
  • Integration tests: passed
  • Multi-arch tests: passed
  • E2E deployment test: passed (TensorBoard lifecycle verified)
  • Backward compatibility: confirmed (no API/CRD changes)

The oauth2 package is an indirect dependency used by k8s.io/client-go
for GCP authentication. No code changes required as there is no direct
usage in tensorboard-controller.

Fixes #781 (PR 3)

@github-project-automation github-project-automation bot moved this to Needs Triage in Kubeflow Notebooks Dec 9, 2025
@google-oss-prow google-oss-prow bot added the area/controller area - related to controller components label Dec 9, 2025
@google-oss-prow
Copy link

google-oss-prow bot commented Dec 9, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign kimwnasptd for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@google-oss-prow google-oss-prow bot added area/v1 area - version - kubeflow notebooks v1 size/S labels Dec 9, 2025
@yehudit1987 yehudit1987 changed the title fix(tensorboard-controller): update golang.org/x/oauth2 to v0.27.0 fix: update golang.org/x/oauth2 to v0.27.0 in tensorboard-controller Dec 9, 2025
@yehudit1987 yehudit1987 marked this pull request as ready for review December 9, 2025 09:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kimwnasptd kimwnasptd Awaiting requested review from kimwnasptd

@thesuperzapper thesuperzapper Awaiting requested review from thesuperzapper

Assignees

No one assigned

Labels

area/controller area - related to controller components area/v1 area - version - kubeflow notebooks v1 size/S

Projects

Kubeflow Notebooks
Status: Needs Triage

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yehudit1987