flyway/11.17.0-r0: cve remediation #71913

Closed
octo-sts[bot] wants to merge 1 commit into main from cve-flyway-11.17.0-r0-0936ffd83e4831d2485a94d82ab66912

octo-sts Bot (Contributor) commented Nov 13, 2025

flyway/11.17.0-r0: fix GHSA-m494-w24q-6f7w

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/flyway.advisories.yaml

octo-sts Bot added labels Nov 13, 2025: P1 ("This label indicates our scanning found High, Medium or Low CVEs for these packages."), automated pr, flyway, GHSA-m494-w24q-6f7w, maven/pombump, request-cve-remediation, bincapz/blocking ("Bincapz (aka malcontent) scan results detected CRITICALs on the packages.")

octo-sts Bot assigned egibs Nov 13, 2025

egibs (Member) left a comment

Undoing approval.

egibs added the malcontent/reviewed label ("The malcontent findings in this PR have been manually reviewed by security.") Nov 13, 2025

catmsred (Member) commented

Advisory has been added for this issue: wolfi-dev/advisories#25388

octo-sts Bot (Contributor, Author) commented Nov 14, 2025

This vulnerability remediation is stale and no longer needed. 👋

Advisory CGA-7vpq-jvgf-5q9p has the latest event type of "false-positive-determination": https://github.com/wolfi-dev/advisories/blob/main/flyway.advisories.yaml

ID:      CGA-7vpq-jvgf-5q9p
Package: flyway
Aliases: CVE-2025-59250 GHSA-m494-w24q-6f7w
Events:
  - "scan/v1" at 2025-11-05 07:35:07 UTC
  - "false-positive-determination" at 2025-11-06 12:43:12 UTC
  - "fixed" at 2025-11-06 13:54:00 UTC
  - "scan/v1" at 2025-11-12 07:46:17 UTC
  - "false-positive-determination" at 2025-11-13 19:47:50 UTC

Labels

- automated pr
- bincapz/blocking: Bincapz (aka malcontent) scan results detected CRITICALs on the packages.
- flyway
- GHSA-m494-w24q-6f7w
- malcontent/reviewed: The malcontent findings in this PR have been manually reviewed by security.
- maven/pombump
- P1: This label indicates our scanning found High, Medium or Low CVEs for these packages.
- request-cve-remediation
- service:cve-pr-closer


3 participants