datadog-agent/7.63.3-r1: cve remediation #46273
Conversation
octo-sts
bot
added
P1
|
Please use 👍 or 👎 on this comment to indicate if you agree or disagree with the recommendation. To provide more detailed feedback please comment on the recommendation prefixed with /ai-verify: e.g. /ai-verify partially helpful but I also added bash to the build environment Gen AI suggestions to solve the build error: • Detected Error: "Error: failed to run update. Error: package golang.org/x/oauth2 was not found on the go.mod file. Please remove the package or add it to the list of 'replaces'" • Error Category: Build/Dependency • Failure Point: go/bump step trying to update golang.org/x/oauth2 in pkg/trace/go.mod • Root Cause Analysis: The go/bump step is trying to update golang.org/x/oauth2 but this package isn't directly declared in the pkg/trace/go.mod file, it's likely a transitive dependency. • Suggested Fix: Modify the go/bump step in the melange.yaml to only update the packages that are directly declared: - uses: go/bump
with:
modroot: pkg/trace
deps: |-
github.com/docker/[email protected]+incompatible
golang.org/x/[email protected]
show-diff: true• Explanation: By removing golang.org/x/oauth2 from the deps list, we only update packages that are directly declared in the go.mod file. The oauth2 package will still be updated through the normal module dependency resolution process. • Additional Notes:
• References:
|
octo-sts
bot
added
the
bincapz/pass
datadog-agent/7.63.3-r1: fix CVE-2025-22868
Advisory data: https://github.com/wolfi-dev/advisories/blob/main/datadog-agent.advisories.yaml
Source code for this service: https://go/cve-remedy-automation-source
Logs for this execution: https://go/cve-remedy-automation-logs
Docs for this service: (not provided yet)