Bump github.com/go-git/go-git/v5 to latest to resolve CVE-2023-49569 … #64

Closed
wants to merge 1 commit into from


cyril1929

…(critical)

@cyril1929
Author

Can you fix the UT please, to fix this critical CVE?

@JohnStarich
Owner

JohnStarich commented Jun 2, 2024

Taking a look, thanks for opening. The new library versions don't appear to play well with older Go releases.

It appears since the crypto lib dependabot PR couldn't be merged (new workaround might unblock it now), it froze all of the other dependabot PRs and I wasn't notified. 😞 Maybe once those are merged this PR's change becomes easier.

@JohnStarich
Owner

Fixed by #65
Released as [email protected]

@JohnStarich JohnStarich closed this Jun 3, 2024
@cyril1929
Author

Thank you so much!
