Skip to content

spark-4.0/4.0.0-r0: cve remediation #57509

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
octo-sts wants to merge 1 commit into from
Closed

spark-4.0/4.0.0-r0: cve remediation #57509

octo-sts wants to merge 1 commit into from

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Jun 25, 2025

spark-4.0/4.0.0-r0: fix GHSA-wxr5-93ph-8wr9

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/spark-4.0.advisories.yaml

"Breadcrumbs" for this automated service

@octo-sts octo-sts bot added automated pr GHSA-wxr5-93ph-8wr9 maven/pombump request-cve-remediation spark-4.0 bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. auto-approver-bot/initial-checks-failed labels Jun 25, 2025
@jamie-albert jamie-albert self-assigned this Jun 25, 2025
@jamie-albert
Copy link
Member

jamie-albert commented Jun 25, 2025

advisory: wolfi-dev/advisories#20540

@octo-sts
Copy link
Contributor Author

octo-sts bot commented Jun 25, 2025

This vulnerability remediation is stale and no longer needed. 👋

Advisory CGA-fc3h-q37m-f2mr has the latest event type of "pending-upstream-fix": https://github.com/wolfi-dev/advisories/blob/main/spark-4.0.advisories.yaml

ID:      CGA-fc3h-q37m-f2mr
Package: spark-4.0
Aliases: CVE-2025-48734 GHSA-wxr5-93ph-8wr9
Events:
  - "scan/v1" at 2025-06-25 08:54:37 UTC
  - "pending-upstream-fix" at 2025-06-25 21:47:11 UTC

@octo-sts octo-sts bot closed this Jun 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jamie-albert jamie-albert

Labels

auto-approver-bot/initial-checks-failed automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. GHSA-wxr5-93ph-8wr9 maven/pombump request-cve-remediation service:cve-pr-closer spark-4.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jamie-albert