chore(deps): bump github.com/testcontainers/testcontainers-go from 0.42.0 to 0.43.0#64
Security Analysis Passed
No security issues found
Details
Kusari Analysis Results:
✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.
Both dependency and code security analyses independently recommend proceeding with this PR. The code scan returned zero findings — no secrets, no code issues, and no workflow concerns. On the dependency side, this PR updates testcontainers-go from v0.42.0 to v0.43.0 and its transitive dependencies. Notably, the golang.org/x/sys update to v0.45.0 actively remediates a prior vulnerability (CVE-2026-39824), making this PR a net security improvement. The only flagged dependency, golang.org/x/crypto (v0.51.0), carries 13 unresolved advisories across its ssh and ssh/agent subpackages (including CVE-2026-39827, CVE-2026-39829, CVE-2026-39831, CVE-2026-42508, CVE-2026-46597). However, all 13 were already present in the prior version (v0.48.0), meaning this PR does not introduce new cryptographic risk. These are transitive dependencies scoped exclusively to the test library, EPSS scores are uniformly low (under 0.5%), and no fix is currently available. All licenses remain permissive (BSD-3-Clause, Apache-2.0, MIT). Action item: monitor golang.org/x/crypto for a patched release and upgrade testcontainers-go when a version pulling in a fixed crypto version is available.
Note
View full detailed analysis result for more information on the output and the checks that were run.
@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: 3fb718f, performed at: 2026-06-24T12:14:35Z