Proposition: bump github.com/go-git/go-git/v5 from 5.5 to 5.11 to fix a critical vulnerability #2138
parrot55
started this conversation in Development
Replies: 0 comments
Problem description
The library github.com/go-git/go-git/v5 has a critical vulnerability: GHSA-449p-3h89-pw88. This vulnerability introduces a path traversal issue, which is probably not relevant for a tool like tfsec. Nevertheless, scans of tfsec with Software Composition Analysis tools mention this vulnerability, which leads to failing pipelines in our CI/CD tool.
What is expected?
The version of the go-git library is bumped from 5.5 to 5.11, where CVE-2023-49569 is fixed.
Additional context:
GHSA-449p-3h89-pw88
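The check an SCA tool performs here is a simple one: find the version pinned for `github.com/go-git/go-git/v5` in `go.mod` and compare it against the first fixed release. The script below is an added example, not code from the discussion or from the tfsec project; it reads a `go.mod` path given as an argument, and the sample `go.mod` it writes at the end is constructed for the demonstration. The fixed version `v5.11.0` is taken from the post's statement that the vulnerability is fixed in 5.11. Pre-release suffixes such as `-rc1` are ignored by the numeric comparison, which is acceptable for a gate but not a full semver implementation.

```shell
#!/bin/sh
# Added example (not from the discussion or tfsec): flag a go.mod that pins
# github.com/go-git/go-git/v5 older than v5.11.0, the release the post names
# as the fix for CVE-2023-49569 / GHSA-449p-3h89-pw88.

FIXED_VERSION="v5.11.0"
GOGIT_MODULE="github.com/go-git/go-git/v5"

# Print the version pinned for go-git in the go.mod given as $1 (empty if absent).
# Handles the one-line form "require <module> <ver>" and the "require ( ... )"
# block form; a trailing "// indirect" comment is ignored.
gogit_version() {
    awk -v mod="$GOGIT_MODULE" '
        $1 == "require" && $2 == mod { print $3; exit }
        $1 == mod                    { print $2; exit }' "$1"
}

# Return 0 if version $1 is numerically older than version $2 ("v5.5.2" style).
# Each dotted component is compared as an integer; missing components count as 0.
version_lt() {
    awk -v a="${1#v}" -v b="${2#v}" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        lim = (n > m) ? n : m
        for (i = 1; i <= lim; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal
    }'
}

# Exit 0 when the go.mod at $1 needs the bump, 1 when it is already at or past
# the fixed version, 2 when go-git is not required at all.
gogit_needs_bump() {
    v=$(gogit_version "$1")
    [ -n "$v" ] || return 2
    version_lt "$v" "$FIXED_VERSION"
}

# Demonstration on a constructed go.mod resembling a pre-bump tfsec dependency set.
sample=$(mktemp)
printf 'module example.com/tfsec\n\ngo 1.20\n\nrequire (\n\t%s v5.5.2\n\tgithub.com/spf13/cobra v1.6.1\n)\n' \
    "$GOGIT_MODULE" > "$sample"
if gogit_needs_bump "$sample"; then
    echo "go-git $(gogit_version "$sample") is older than $FIXED_VERSION: bump required"
else
    echo "go-git pin is at or past $FIXED_VERSION (or not required)"
fi
rm -f "$sample"
```

Running it on a `go.mod` that pins `v5.5.2` reports that a bump is required; once the require line reads `v5.11.0` or later the check passes, which is the state the SCA scan in the CI/CD pipeline is waiting for.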