Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update github.com/sosedoff/gitkit to v0.3.0 (CVE fix) #594

Merged
merged 1 commit into from
Feb 25, 2022

Conversation

pjbgf
Copy link
Member

@pjbgf pjbgf commented Feb 25, 2022

Fixes https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488 in the indirect dependency github.com/satori/go.uuid by updating github.com/sosedoff/gitkit to v0.3.0, which no longer depends on it:

✗ High severity vulnerability found in github.com/satori/go.uuid
  Description: Insecure Randomness
  Info: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
  Introduced through: github.com/sosedoff/gitkit@#72ebbcf5056d
  From: github.com/sosedoff/gitkit@#72ebbcf5056d > github.com/satori/[email protected]

@pjbgf pjbgf changed the title Update github.com/satori/go.uuid to v1.2.1-0 (CVE fix) Update github.com/sosedoff/gitkit to v0.3.0 (CVE fix) Feb 25, 2022
@pjbgf pjbgf marked this pull request as ready for review February 25, 2022 12:13
@hiddeco hiddeco added the area/ci CI related issues and pull requests label Feb 25, 2022
@hiddeco hiddeco merged commit e4bfab2 into fluxcd:main Feb 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/ci CI related issues and pull requests
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants