Skip to content

spark-4.0/4.0.0-r0: cve remediation #57508

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
octo-sts wants to merge 1 commit into from
Closed

spark-4.0/4.0.0-r0: cve remediation #57508

octo-sts wants to merge 1 commit into from

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Jun 25, 2025

spark-4.0/4.0.0-r0: fix GHSA-wf8f-6423-gfxg

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/spark-4.0.advisories.yaml

"Breadcrumbs" for this automated service

@octo-sts octo-sts bot added automated pr GHSA-wf8f-6423-gfxg maven/pombump request-cve-remediation spark-4.0 bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. auto-approver-bot/initial-checks-failed labels Jun 25, 2025
@jamie-albert jamie-albert self-assigned this Jun 25, 2025
@jamie-albert
Copy link
Member

jamie-albert commented Jun 25, 2025

advisory: wolfi-dev/advisories#20540

@octo-sts
Copy link
Contributor Author

octo-sts bot commented Jun 25, 2025

This vulnerability remediation is stale and no longer needed. 👋

Advisory CGA-53qq-qh98-q7jv has the latest event type of "pending-upstream-fix": https://github.com/wolfi-dev/advisories/blob/main/spark-4.0.advisories.yaml

ID:      CGA-53qq-qh98-q7jv
Package: spark-4.0
Aliases: CVE-2025-49128 GHSA-wf8f-6423-gfxg
Events:
  - "scan/v1" at 2025-06-25 08:54:36 UTC
  - "pending-upstream-fix" at 2025-06-25 21:47:44 UTC

@octo-sts octo-sts bot closed this Jun 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jamie-albert jamie-albert

Labels

auto-approver-bot/initial-checks-failed automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. GHSA-wf8f-6423-gfxg maven/pombump request-cve-remediation service:cve-pr-closer spark-4.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jamie-albert