Skip to content

local-static-provisioner: fix GHSA-r6j8-c6r2-37rr by cherry-picking upstream commits#76735

Closed
jamie-albert wants to merge 2 commits into
wolfi-dev:mainfrom
jamie-albert:local-static-provisioner-GHSA-r6j8-c6r2-37rr-fix
Closed

local-static-provisioner: fix GHSA-r6j8-c6r2-37rr by cherry-picking upstream commits#76735
jamie-albert wants to merge 2 commits into
wolfi-dev:mainfrom
jamie-albert:local-static-provisioner-GHSA-r6j8-c6r2-37rr-fix

Update cherry-pick references from main to master

9c1d1b3
Select commit
Loading
Failed to load commit list.
StepSecurity Actions Security / StepSecurity Required Checks succeeded Dec 23, 2025 in 1s

StepSecurity Required Checks

Finished StepSecurity Required Checks

  • NPM Compromised Packages Check - Checks for compromised npm package versions in the PR
  • NPM Package Cooldown Check - Fails if any package version in the PR was released within the configured cooldown period, helping to avoid brand-new (and potentially unreviewed or malicious) releases
  • Pwn Request Vulnerabilities Check - Checks for Pwn Request vulnerabilities in the PR via risky triggers
  • Script Injection Check - Checks for script injection vulnerabilities in the PR

Details

✅ Pwn Request Vulnerabilities Check

No Pwn Request vulnerabilities found in this PR.

✅ NPM Package Cooldown Check

No npm package upgrades to recent releases found in current PR.

✅ Script Injection Vulnerabilities Check

No Script Injection vulnerabilities found in this PR.

✅ NPM Compromised Packages Check

No Compromised npm packages are added in current PR.

⏲️ History

Previous invocation results of same check: