chore(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.43.0 in /policy/opa #80
Security Analysis Passed
No security issues found
Details
Kusari Analysis Results:
✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.
Both dependency and code security analyses independently recommend proceeding with this PR. The dependency analysis confirms that upgrading go.opentelemetry.io/otel/sdk from v1.39.0 to v1.43.0 resolves two PATH hijacking vulnerabilities (CVE-2026-24051 and CVE-2026-39883) affecting macOS/Darwin and BSD platforms. The new version (v1.43.0) carries no active advisories, is the latest available, and all packages maintain high health scores (10/10 scorecard) with permissive licenses (Apache-2.0, BSD-3-Clause). The code analysis confirmed zero vulnerabilities, secrets, or workflow issues in the modified files (policy/opa/go.mod and policy/opa/go.sum), with govulncheck returning clean results. This PR is a net security improvement with no introduced risk.
Note
View full detailed analysis result for more information on the output and the checks that were run.
@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: 109cb87, performed at: 2026-04-08T21:21:17Z