Skip to content

fix(deps): remediate console CLI containerd vulnerability#770

Merged
michaeljguarino merged 1 commit into
mainfrom
agent/remediate-console-cli-vulns-1761983100000
Jun 27, 2026
Merged

fix(deps): remediate console CLI containerd vulnerability#770
michaeljguarino merged 1 commit into
mainfrom
agent/remediate-console-cli-vulns-1761983100000

Conversation

@plural-copilot

Copy link
Copy Markdown
Contributor

Summary

  • bump github.com/containerd/containerd from v1.7.32 to v1.7.33 in the CLI module
  • confirm golang.org/x/crypto is already at v0.52.0
  • confirm golang.org/x/net is already at v0.55.0
  • confirm golang.org/x/sys is already at v0.45.0 (newer than the requested v0.44.0)

Why this fixes the console image vulns

The vulnerable Go packages in ghcr.io/pluralsh/console:sha-58d365e come from the plural CLI binary built from this repository. In this repo, that binary is built from ./cmd/plural by both the Dockerfile and .goreleaser.yaml. Updating the owned module dependency that was still below the fixed version ensures the next console image rebuild will embed the remediated CLI dependency set.

Plural Service: mgmt/console

@plural-copilot plural-copilot Bot left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR was generated by the codex Plural Agent Runtime. Here's some useful information you might want to know to evaluate the ai's perfomance:

Name Details
💬 Prompt Create a remediation PR in this repository for fixable vulnerabilities affecting the ghcr.io/pluralsh/console:sha-58d365e image, where Go vulns in that image come from the CLI binary built from this repo....
🔗 Run history View run history

@michaeljguarino michaeljguarino merged commit 94d4e31 into main Jun 27, 2026
14 of 15 checks passed
@michaeljguarino michaeljguarino deleted the agent/remediate-console-cli-vulns-1761983100000 branch June 27, 2026 00:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant