Skip to content

chore(deps): bump s3 to v1.97.3 + containerd/v2 to v2.2.4#984

Merged
oskarszoon merged 4 commits into
bsv-blockchain:mainfrom
oskarszoon:fix/deps-bump-minor-2
Jun 2, 2026
Merged

chore(deps): bump s3 to v1.97.3 + containerd/v2 to v2.2.4#984
oskarszoon merged 4 commits into
bsv-blockchain:mainfrom
oskarszoon:fix/deps-bump-minor-2

Conversation

@oskarszoon

@oskarszoon oskarszoon commented May 29, 2026

Copy link
Copy Markdown
Contributor

Summary

Bumps 2 Go dependencies to close 2 open Dependabot alerts surfaced after the initial 2026-05-21 triage:

2 commits, one per package.

Test plan

  • go build ./...
  • go test ./... — 8193 tests pass in 151 packages
  • go test -race ./... — exit 0, no race warnings
  • go vet ./... — only the 4 pre-existing test/utils issues
  • golangci-lint run --timeout=5m --disable gosec --disable prealloc — no issues found
  • staticcheck ./... — clean
  • govulncheck ./... — s3 and containerd/v2 no longer flagged
  • Targeted: go test -race ./stores/blob/... (s3) and go test -race ./util/... (containerd transitive) pass

Out of scope

Source: fresh inventory pulled 2026-05-29 against the post-PR-#968 main branch.

oskarszoon added 2 commits May 29, 2026 13:14
@oskarszoon
chore(deps): bump aws-sdk-go-v2/service/s3 to v1.97.3
8376502 
Closes Dependabot alert bsv-blockchain#72. EventStream decoder DoS panic affects s3
v < 1.97.3. Prior bump in PR bsv-blockchain#925 pinned to v1.96.4 because GH advisory
indicated 1.96.x was sufficient at the time; advisory was later refined
to require 1.97.3+.
@oskarszoon
chore(deps): bump containerd/v2 to v2.2.4
2af5418 
Closes Dependabot alert bsv-blockchain#101. containerd user-ID handling bypass allows
runAsNonRoot evasion in versions < 2.2.4; patched in 2.2.4. Indirect dep
pulled via the docker/containerd toolchain. Conservative bump within the
v2.2.x line.
@socket-security

socket-security Bot commented May 29, 2026
edited
Loading

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedgolang/​github.com/​aws/​aws-sdk-go-v2@​v1.41.4 ⏵ v1.41.571100100100100
Updatedgolang/​github.com/​aws/​aws-sdk-go-v2/​service/​s3@​v1.96.4 ⏵ v1.97.394100 +2100100100

View full report

@github-actions

github-actions Bot commented May 29, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

🤖 Claude Code Review

Status: Complete

No issues found.

This is a well-executed security dependency update. The changes are minimal (go.mod and go.sum only), thoroughly tested per AGENTS.md requirements, and directly address two Dependabot security alerts:

All verification commands from AGENTS.md were executed and passed, including race detection and vulnerability scanning.

@github-actions

github-actions Bot commented May 29, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Benchmark Comparison Report

Baseline: main (unknown)

Current: PR-984 (4508b24)

Summary

  • Regressions: 0
  • Improvements: 0
  • Unchanged: 144
  • Significance level: p < 0.05
All benchmark results (sec/op)
Benchmark Baseline Current Change p-value
_NewBlockFromBytes-4 1.829µ 1.621µ ~ 0.100
SplitSyncedParentMap_SetIfNotExists/256_buckets-4 71.24n 71.31n ~ 0.400
SplitSyncedParentMap_SetIfNotExists/16_buckets-4 71.30n 71.71n ~ 0.200
SplitSyncedParentMap_SetIfNotExists/1_bucket-4 71.21n 71.47n ~ 0.100
SplitSyncedParentMap_ConcurrentSetIfNotExists/256_buckets... 32.65n 32.87n ~ 1.000
SplitSyncedParentMap_ConcurrentSetIfNotExists/16_buckets_... 54.27n 57.35n ~ 0.100
SplitSyncedParentMap_ConcurrentSetIfNotExists/1_bucket_pa... 124.8n 129.2n ~ 0.200
MiningCandidate_Stringify_Short-4 219.9n 220.5n ~ 1.000
MiningCandidate_Stringify_Long-4 1.647µ 1.667µ ~ 0.200
MiningSolution_Stringify-4 857.9n 853.0n ~ 0.700
BlockInfo_MarshalJSON-4 1.738µ 1.722µ ~ 0.100
NewFromBytes-4 133.1n 133.3n ~ 0.400
AddTxBatchColumnar_Validation-4 2.490µ 2.616µ ~ 0.400
OffsetValidationLoop-4 644.5n 639.3n ~ 0.400
Mine_EasyDifficulty-4 61.21µ 61.14µ ~ 1.000
Mine_WithAddress-4 7.720µ 7.026µ ~ 0.700
DiskTxMap_SetIfNotExists-4 3.393µ 3.283µ ~ 0.100
DiskTxMap_SetIfNotExists_Parallel-4 3.204µ 3.125µ ~ 0.400
DiskTxMap_ExistenceOnly-4 295.8n 288.0n ~ 0.100
Queue-4 192.2n 191.7n ~ 1.000
AtomicPointer-4 4.683n 5.017n ~ 1.000
ReorgOptimizations/DedupFilterPipeline/Old/10K-4 883.8µ 866.7µ ~ 0.400
ReorgOptimizations/DedupFilterPipeline/New/10K-4 779.2µ 776.2µ ~ 0.100
ReorgOptimizations/AllMarkFalse/Old/10K-4 109.9µ 106.0µ ~ 0.700
ReorgOptimizations/AllMarkFalse/New/10K-4 62.06µ 62.17µ ~ 1.000
ReorgOptimizations/HashSlicePool/Old/10K-4 60.93µ 55.00µ ~ 0.100
ReorgOptimizations/HashSlicePool/New/10K-4 11.41µ 11.73µ ~ 1.000
ReorgOptimizations/NodeFlags/Old/10K-4 4.597µ 4.612µ ~ 1.000
ReorgOptimizations/NodeFlags/New/10K-4 1.635µ 1.591µ ~ 0.300
ReorgOptimizations/DedupFilterPipeline/Old/100K-4 9.296m 9.174m ~ 1.000
ReorgOptimizations/DedupFilterPipeline/New/100K-4 9.178m 9.379m ~ 0.200
ReorgOptimizations/AllMarkFalse/Old/100K-4 1.053m 1.083m ~ 0.200
ReorgOptimizations/AllMarkFalse/New/100K-4 683.9µ 676.0µ ~ 0.400
ReorgOptimizations/HashSlicePool/Old/100K-4 616.3µ 584.9µ ~ 0.100
ReorgOptimizations/HashSlicePool/New/100K-4 310.2µ 313.0µ ~ 1.000
ReorgOptimizations/NodeFlags/Old/100K-4 49.90µ 50.26µ ~ 1.000
ReorgOptimizations/NodeFlags/New/100K-4 17.41µ 17.58µ ~ 0.800
TxMapSetIfNotExists-4 51.96n 51.92n ~ 1.000
TxMapSetIfNotExistsDuplicate-4 40.53n 40.37n ~ 0.200
ChannelSendReceive-4 591.9n 598.1n ~ 0.100
BlockAssembler_AddTx-4 0.02720n 0.02671n ~ 1.000
AddNode-4 10.79 11.03 ~ 0.400
AddNodeWithMap-4 11.66 11.81 ~ 1.000
DirectSubtreeAdd/4_per_subtree-4 57.75n 56.63n ~ 1.000
DirectSubtreeAdd/64_per_subtree-4 28.83n 29.07n ~ 0.700
DirectSubtreeAdd/256_per_subtree-4 27.78n 27.95n ~ 0.200
DirectSubtreeAdd/1024_per_subtree-4 26.47n 26.58n ~ 0.100
DirectSubtreeAdd/2048_per_subtree-4 26.06n 26.14n ~ 0.700
SubtreeProcessorAdd/4_per_subtree-4 299.5n 297.7n ~ 0.400
SubtreeProcessorAdd/64_per_subtree-4 291.1n 284.8n ~ 0.400
SubtreeProcessorAdd/256_per_subtree-4 291.1n 285.5n ~ 0.700
SubtreeProcessorAdd/1024_per_subtree-4 283.4n 278.3n ~ 0.100
SubtreeProcessorAdd/2048_per_subtree-4 288.8n 280.1n ~ 0.200
SubtreeProcessorRotate/4_per_subtree-4 297.3n 281.2n ~ 0.200
SubtreeProcessorRotate/64_per_subtree-4 286.8n 284.6n ~ 1.000
SubtreeProcessorRotate/256_per_subtree-4 282.0n 279.6n ~ 0.100
SubtreeProcessorRotate/1024_per_subtree-4 280.1n 277.6n ~ 0.100
SubtreeNodeAddOnly/4_per_subtree-4 55.27n 55.34n ~ 0.600
SubtreeNodeAddOnly/64_per_subtree-4 36.11n 36.20n ~ 0.700
SubtreeNodeAddOnly/256_per_subtree-4 35.14n 35.17n ~ 1.000
SubtreeNodeAddOnly/1024_per_subtree-4 34.43n 34.61n ~ 0.600
SubtreeCreationOnly/4_per_subtree-4 110.6n 111.5n ~ 0.400
SubtreeCreationOnly/64_per_subtree-4 356.4n 348.9n ~ 0.200
SubtreeCreationOnly/256_per_subtree-4 1.239µ 1.236µ ~ 1.000
SubtreeCreationOnly/1024_per_subtree-4 3.799µ 3.869µ ~ 0.400
SubtreeCreationOnly/2048_per_subtree-4 6.809µ 6.776µ ~ 0.400
SubtreeProcessorOverheadBreakdown/64_per_subtree-4 279.6n 278.4n ~ 0.100
SubtreeProcessorOverheadBreakdown/1024_per_subtree-4 278.3n 277.9n ~ 0.800
ParallelGetAndSetIfNotExists/1k_nodes-4 2.009m 2.001m ~ 0.400
ParallelGetAndSetIfNotExists/10k_nodes-4 5.251m 5.262m ~ 0.700
ParallelGetAndSetIfNotExists/50k_nodes-4 7.267m 7.341m ~ 0.700
ParallelGetAndSetIfNotExists/100k_nodes-4 10.10m 10.00m ~ 0.400
SequentialGetAndSetIfNotExists/1k_nodes-4 1.792m 1.780m ~ 0.700
SequentialGetAndSetIfNotExists/10k_nodes-4 4.675m 4.428m ~ 0.100
SequentialGetAndSetIfNotExists/50k_nodes-4 15.80m 13.37m ~ 0.100
SequentialGetAndSetIfNotExists/100k_nodes-4 27.66m 24.88m ~ 0.100
ProcessOwnBlockSubtreeNodesParallel/1k_nodes-4 2.074m 2.047m ~ 0.400
ProcessOwnBlockSubtreeNodesParallel/10k_nodes-4 8.529m 8.366m ~ 0.100
ProcessOwnBlockSubtreeNodesParallel/100k_nodes-4 14.50m 13.24m ~ 0.100
ProcessOwnBlockSubtreeNodesSequential/1k_nodes-4 1.816m 1.808m ~ 1.000
ProcessOwnBlockSubtreeNodesSequential/10k_nodes-4 11.190m 8.439m ~ 0.100
ProcessOwnBlockSubtreeNodesSequential/100k_nodes-4 66.45m 45.70m ~ 0.100
CalcBlockWork-4 506.3n 477.7n ~ 0.400
CalculateWork-4 662.5n 656.1n ~ 0.400
BuildBlockLocatorString_Helpers/Size_10-4 1.414µ 1.335µ ~ 0.100
BuildBlockLocatorString_Helpers/Size_100-4 12.81µ 13.06µ ~ 0.100
BuildBlockLocatorString_Helpers/Size_1000-4 156.7µ 158.6µ ~ 0.700
CatchupWithHeaderCache-4 104.3m 104.3m ~ 1.000
_prepareTxsPerLevel-4 414.0m 430.3m ~ 0.100
_prepareTxsPerLevelOrdered-4 3.466m 4.485m ~ 0.100
_prepareTxsPerLevel_Comparison/Original-4 417.4m 431.3m ~ 0.100
_prepareTxsPerLevel_Comparison/Optimized-4 3.498m 4.052m ~ 0.100
SubtreeSizes/10k_tx_4_per_subtree-4 1.403m 1.373m ~ 1.000
SubtreeSizes/10k_tx_16_per_subtree-4 322.3µ 322.3µ ~ 0.700
SubtreeSizes/10k_tx_64_per_subtree-4 78.35µ 77.03µ ~ 0.700
SubtreeSizes/10k_tx_256_per_subtree-4 19.37µ 19.15µ ~ 0.400
SubtreeSizes/10k_tx_512_per_subtree-4 9.632µ 9.570µ ~ 0.700
SubtreeSizes/10k_tx_1024_per_subtree-4 4.791µ 4.770µ ~ 1.000
SubtreeSizes/10k_tx_2k_per_subtree-4 2.388µ 2.385µ ~ 0.700
BlockSizeScaling/10k_tx_64_per_subtree-4 76.18µ 75.93µ ~ 0.700
BlockSizeScaling/10k_tx_256_per_subtree-4 19.28µ 19.16µ ~ 0.400
BlockSizeScaling/10k_tx_1024_per_subtree-4 4.786µ 4.730µ ~ 0.200
BlockSizeScaling/50k_tx_64_per_subtree-4 398.9µ 398.7µ ~ 0.700
BlockSizeScaling/50k_tx_256_per_subtree-4 95.50µ 94.70µ ~ 0.200
BlockSizeScaling/50k_tx_1024_per_subtree-4 23.57µ 23.30µ ~ 0.400
SubtreeAllocations/small_subtrees_exists_check-4 162.0µ 162.2µ ~ 1.000
SubtreeAllocations/small_subtrees_data_fetch-4 166.3µ 165.6µ ~ 0.100
SubtreeAllocations/small_subtrees_full_validation-4 329.3µ 326.4µ ~ 0.200
SubtreeAllocations/medium_subtrees_exists_check-4 9.513µ 9.386µ ~ 0.400
SubtreeAllocations/medium_subtrees_data_fetch-4 9.906µ 9.923µ ~ 0.700
SubtreeAllocations/medium_subtrees_full_validation-4 19.13µ 19.09µ ~ 0.400
SubtreeAllocations/large_subtrees_exists_check-4 2.250µ 2.287µ ~ 0.700
SubtreeAllocations/large_subtrees_data_fetch-4 2.418µ 2.411µ ~ 1.000
SubtreeAllocations/large_subtrees_full_validation-4 4.816µ 4.797µ ~ 0.400
_BufferPoolAllocation/16KB-4 4.670µ 4.945µ ~ 1.000
_BufferPoolAllocation/32KB-4 8.112µ 10.168µ ~ 0.100
_BufferPoolAllocation/64KB-4 16.34µ 19.50µ ~ 0.100
_BufferPoolAllocation/128KB-4 27.53µ 36.41µ ~ 0.100
_BufferPoolAllocation/512KB-4 114.2µ 131.6µ ~ 0.100
_BufferPoolConcurrent/32KB-4 18.98µ 21.56µ ~ 0.100
_BufferPoolConcurrent/64KB-4 31.26µ 30.49µ ~ 0.400
_BufferPoolConcurrent/512KB-4 145.3µ 151.6µ ~ 0.100
_SubtreeDeserializationWithBufferSizes/16KB-4 621.4µ 640.6µ ~ 0.200
_SubtreeDeserializationWithBufferSizes/32KB-4 631.5µ 631.3µ ~ 1.000
_SubtreeDeserializationWithBufferSizes/64KB-4 649.7µ 623.7µ ~ 0.100
_SubtreeDeserializationWithBufferSizes/128KB-4 671.6µ 628.3µ ~ 0.100
_SubtreeDeserializationWithBufferSizes/512KB-4 598.6µ 602.4µ ~ 0.100
_SubtreeDataDeserializationWithBufferSizes/16KB-4 37.41m 37.35m ~ 1.000
_SubtreeDataDeserializationWithBufferSizes/32KB-4 36.67m 37.31m ~ 0.100
_SubtreeDataDeserializationWithBufferSizes/64KB-4 36.71m 37.67m ~ 0.200
_SubtreeDataDeserializationWithBufferSizes/128KB-4 36.72m 37.37m ~ 0.400
_SubtreeDataDeserializationWithBufferSizes/512KB-4 36.64m 36.69m ~ 1.000
_PooledVsNonPooled/Pooled-4 834.7n 670.3n ~ 0.100
_PooledVsNonPooled/NonPooled-4 8.145µ 8.467µ ~ 0.700
_MemoryFootprint/Current_512KB_32concurrent-4 7.018µ 6.838µ ~ 0.700
_MemoryFootprint/Proposed_32KB_32concurrent-4 9.430µ 9.571µ ~ 0.400
_MemoryFootprint/Alternative_64KB_32concurrent-4 9.227µ 8.974µ ~ 0.400
StoreBlock_Sequential/BelowCSVHeight-4 332.0µ 334.2µ ~ 0.100
StoreBlock_Sequential/AboveCSVHeight-4 333.5µ 339.1µ ~ 0.100
GetUtxoHashes-4 256.2n 255.2n ~ 0.700
GetUtxoHashes_ManyOutputs-4 43.17µ 43.52µ ~ 1.000
_NewMetaDataFromBytes-4 229.2n 230.9n ~ 0.400
_Bytes-4 407.0n 408.4n ~ 0.500
_MetaBytes-4 138.7n 139.3n ~ 0.800

Threshold: >10% with p < 0.05 | Generated: 2026-06-01 15:23 UTC

@oskarszoon oskarszoon self-assigned this May 29, 2026
ordishs
ordishs approved these changes May 29, 2026
View reviewed changes

@ordishs ordishs left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approve. Minimal, well-tested security dependency bump closing two Dependabot alerts (s3 EventStream DoS panic, containerd runAsNonRoot bypass). Changes limited to go.mod/go.sum with thorough test coverage documented. Optional suggestion: run go mod tidy to prune ~10 stale checksum entries from go.sum.

@oskarszoon oskarszoon force-pushed the fix/deps-bump-minor-2 branch from c2b75ab to 0c33a65 Compare May 29, 2026 15:33
@sonarqubecloud

sonarqubecloud Bot commented Jun 1, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@oskarszoon oskarszoon merged commit e76d65d into bsv-blockchain:main Jun 2, 2026
34 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ordishs ordishs ordishs approved these changes

@freemans13 freemans13 freemans13 approved these changes

@icellan icellan Awaiting requested review from icellan

Assignees

@oskarszoon oskarszoon

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@oskarszoon @ordishs @freemans13