Skip to content

[🐸 Frogbot] Update version of github.com/sigstore/timestamp-authority/v2 to 2.1.0#73

Open
github-actions[bot] wants to merge 1 commit into
mainfrom
frogbot-github.com/sigstore/timestamp-authority/v2-fdc015f53b8eab902048054a922bd1cc
Open

[🐸 Frogbot] Update version of github.com/sigstore/timestamp-authority/v2 to 2.1.0#73
github-actions[bot] wants to merge 1 commit into
mainfrom
frogbot-github.com/sigstore/timestamp-authority/v2-fdc015f53b8eab902048054a922bd1cc

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🚨 This automated pull request was created by Frogbot and fixes the below:

📦 Vulnerable Dependencies

Severity ID Contextual Analysis Direct Dependencies Impacted Dependency Fixed Versions
medium
Medium
CVE-2026-49835 Not Covered github.com/sigstore/timestamp-authority/v2:v2.0.6 github.com/sigstore/timestamp-authority/v2 v2.0.6 [2.1.0]

🔖 Details

Vulnerability Details

Contextual Analysis: Not Covered
Direct Dependencies: github.com/sigstore/timestamp-authority/v2:v2.0.6
Impacted Dependency: github.com/sigstore/timestamp-authority/v2:v2.0.6
Fixed Versions: [2.1.0]
CVSS V3: 5.9

Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant