Skip to content

chore(deps): Update module github.com/sirupsen/logrus to v1.9.1 [SECURITY]#262

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/go-github.qkg1.top-sirupsen-logrus-vulnerability
Open

chore(deps): Update module github.com/sirupsen/logrus to v1.9.1 [SECURITY]#262
renovate[bot] wants to merge 1 commit intomainfrom
renovate/go-github.qkg1.top-sirupsen-logrus-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Dec 5, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
github.com/sirupsen/logrus v1.9.0v1.9.1 age confidence

GitHub Vulnerability Alerts

CVE-2025-65637

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.

Release Notes

sirupsen/logrus (github.com/sirupsen/logrus)

v1.9.1

Compare Source

What's Changed

New Contributors

Full Changelog: sirupsen/logrus@v1.9.0...v1.9.1

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Changes to dependencies label Dec 5, 2025
@renovate renovate bot changed the title chore(deps): Update module github.com/sirupsen/logrus to v1.9.1 [SECURITY] chore(deps): Update module github.com/sirupsen/logrus to v1.9.1 [SECURITY] - autoclosed Mar 27, 2026
@renovate renovate bot closed this Mar 27, 2026
@renovate renovate bot deleted the renovate/go-github.qkg1.top-sirupsen-logrus-vulnerability branch March 27, 2026 02:41
@renovate renovate bot changed the title chore(deps): Update module github.com/sirupsen/logrus to v1.9.1 [SECURITY] - autoclosed chore(deps): Update module github.com/sirupsen/logrus to v1.9.1 [SECURITY] Mar 30, 2026
@renovate renovate bot reopened this Mar 30, 2026
@renovate renovate bot force-pushed the renovate/go-github.qkg1.top-sirupsen-logrus-vulnerability branch 2 times, most recently from 42bfed4 to c38702b Compare March 30, 2026 18:56
@renovate renovate bot changed the title chore(deps): Update module github.com/sirupsen/logrus to v1.9.1 [SECURITY] chore(deps): Update module github.com/sirupsen/logrus to v1.9.1 [SECURITY] - autoclosed Apr 13, 2026
@renovate renovate bot closed this Apr 13, 2026
@renovate renovate bot changed the title chore(deps): Update module github.com/sirupsen/logrus to v1.9.1 [SECURITY] - autoclosed chore(deps): Update module github.com/sirupsen/logrus to v1.9.1 [SECURITY] Apr 13, 2026
@renovate renovate bot reopened this Apr 13, 2026
@renovate renovate bot force-pushed the renovate/go-github.qkg1.top-sirupsen-logrus-vulnerability branch 2 times, most recently from c38702b to d9dbb7d Compare April 13, 2026 07:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Changes to dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants