Request to patch dependencies to fix CVEs

Hi,

Our security scanner finds the following vulnerabilities in our oauth-proxy container image.

Is it possible for you to upgrade the dependencies to the fixed versions?

Thank you!


| Vulnerability | Severity | CVSS3 | Package | Current Version | Fixed in version |
| ------------- | -------- | ----- | ------- | --------------- | ---------------- |
| [CVE-2026-33186](https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3) | Critical | NVD: 9.1 | google.golang.org/grpc | v1.68.1 | 1.79.3 |
| [CVE-2026-24051](https://osv.dev/vulnerability/GHSA-9h8m-3fm2-qjrq) | High | NVD: 7 | go.opentelemetry.io/otel/sdk | v1.33.0 | 1.40.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Request to patch dependencies to fix CVEs #354

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Vulnerability	Severity	CVSS3	Package	Current Version	Fixed in version
CVE-2026-33186	Critical	NVD: 9.1	google.golang.org/grpc	v1.68.1	1.79.3
CVE-2026-24051	High	NVD: 7	go.opentelemetry.io/otel/sdk	v1.33.0	1.40.0

Request to patch dependencies to fix CVEs #354

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions