rancher-machine/0.15.0.126-r0: cve remediation#48875
rancher-machine/0.15.0.126-r0: cve remediation#48875octo-sts[bot] wants to merge 1 commit intomainfrom
Conversation
octo-sts
bot
added
automated pr
GHSA-gh5c-3h97-2f3q
go/bump
request-cve-remediation
labels
|
Please use 👍 or 👎 on this comment to indicate if you agree or disagree with the recommendation. To provide more detailed feedback please comment on the recommendation prefixed with /ai-verify: e.g. /ai-verify partially helpful but I also added bash to the build environment Gen AI suggestions to solve the build error: • Detected Error: "go.mod:121: replace github.com/moby/moby: version "v26.0.0" invalid: should be v0 or v1, not v26" • Error Category: Version/Dependency • Failure Point: go/bump step when trying to update moby dependency • Root Cause Analysis: The moby/moby repository uses a non-standard versioning scheme. While the version is v26.0.0, Go's module system expects semantic versions starting with v0 or v1 for the initial module path. • Suggested Fix: - uses: go/bump
with:
deps: |-
github.com/golang-jwt/jwt/v4@v4.5.2
golang.org/x/crypto@v0.35.0
golang.org/x/net@v0.36.0
golang.org/x/oauth2@v0.27.0
github.com/moby/moby@v20.10.24+incompatible• Explanation: The moby/moby project (Docker Engine) uses a different versioning scheme that doesn't follow Go's semantic versioning requirements. Using the +incompatible suffix tells Go to accept the non-standard version number. v20.10.24 is a stable version that should be compatible with rancher-machine. • Additional Notes:
• References:
|
|
Closing as wolfi-dev/advisories#16717 got merged with an advisory for this CVE. |
2 participants
rancher-machine/0.15.0.126-r0: fix GHSA-gh5c-3h97-2f3q
Advisory data: https://github.com/wolfi-dev/advisories/blob/main/rancher-machine.advisories.yaml
"Breadcrumbs" for this automated service