
[0.4] ops: Bump elasticsearch gem to 8.14.0 (#421) #423

Open
github-actions[bot] wants to merge 1 commit into 0.4 from backport/0.4/pr-421

@github-actions

Backports the following commits to 0.4:

### elastic/search-team#12889

This version bump updates the transitive dependency on `faraday`;
`elasticsearch@8.13.0` inherits `faraday@2.8.1` via
`elastic-transport@8.3.2`, which is vulnerable to
[CVE-2026-25765](GHSA-33mh-2634-fwr2).
`elasticsearch@8.14.0` transitively depends on `faraday@2.14.1`, which
fixes this vulnerability.

### Checklists

#### Pre-Review Checklist
- [x] This PR does NOT contain credentials of any kind, such as API keys
or username/passwords (double check `crawler.yml.example` and
`elasticsearch.yml.example`)
- [x] This PR has a meaningful title
- [x] This PR links to all relevant GitHub issues that it fixes or
partially addresses
  - If there is no GitHub issue, please create it. Each PR should have a
link to an issue
- [x] This PR has a thorough description
- [x] Added a label for each target release version (example: `v0.1.0`)
- [x] Considered corresponding documentation changes
- [x] Contributed any configuration settings changes to the
configuration reference
- [x] Ran `make notice` if any dependencies have been added
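
A reviewer can confirm from the lockfile that a bump like this one actually moves the transitively resolved `faraday`. The following is an added example, not part of this PR or the project's code: it parses a constructed `Gemfile.lock` excerpt, finds the dependency chain from `elasticsearch` to `faraday`, and compares the locked version with the one the description names as fixed. The helper names, the sample lockfile, and treating `2.14.1` as the threshold are assumptions.

```ruby
# Constructed lockfile excerpt (not the project's); elastic-transport 8.3.2 is reused for both cases.
def sample_lock(es_version, faraday_version)
  <<~LOCK
    GEM
      specs:
        elastic-transport (8.3.2)
          faraday (< 3)
        elasticsearch (#{es_version})
          elastic-transport (~> 8.3)
        faraday (#{faraday_version})
  LOCK
end

# Map each resolved gem to its locked version and the names of its direct dependencies.
def parse_specs(lock_text)
  specs = {}
  current = nil
  lock_text.each_line do |line|
    if (m = line.match(/\A {4}(\S+) \((\S+)\)\s*\z/))
      specs[current = m[1]] = { version: m[2], deps: [] }
    elsif current && (m = line.match(/\A {6}(\S+)/))
      specs[current][:deps] << m[1]
    end
  end
  specs
end

# Breadth-first search for the shortest dependency chain from one gem to another.
def dependency_path(specs, from, to)
  queue = [[from]]
  seen = { from => true }
  while (path = queue.shift)
    return path if path.last == to
    (specs.dig(path.last, :deps) || []).each do |dep|
      queue << (path + [dep]) unless seen[dep]
      seen[dep] = true
    end
  end
  nil
end

# fixed_in is an assumption taken from the PR text; Gem::Version compares 2.8.1 < 2.14.1 numerically.
def audit(lock_text, root: "elasticsearch", target: "faraday", fixed_in: "2.14.1")
  specs = parse_specs(lock_text)
  path = dependency_path(specs, root, target)
  return { status: :not_reachable } unless path && specs[target]
  version = specs[target][:version]
  fixed = Gem::Version.new(version) >= Gem::Version.new(fixed_in)
  { status: fixed ? :fixed : :vulnerable, version: version, path: path }
end
```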