Skip to content

fix: vulns#45

Merged
Jdunsby merged 1 commit into
mainfrom
fix/vulns
Jun 23, 2026
Merged

fix: vulns#45
Jdunsby merged 1 commit into
mainfrom
fix/vulns

Conversation

@Jdunsby

@Jdunsby Jdunsby commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Description

NOTE: Most of the changes in this PR (everything in licences/github.com) are from regenerating licenses after applying upgrades.

Resolves high-severity SCA vulnerabilities that were failing the CI security gate (snyk test --severity-threshold=high).

Dependency updates in go.mod / go.sum:

  • Go toolchain 1.25.71.25.11 — minimum patched 1.25 release for stdlib CVEs (net, crypto, mime, etc.)
  • github.com/go-git/go-git/v5 5.14.05.19.1 — direct upgrade fixing transport and object parsing CVEs
  • Transitive upgradesgolang.org/x/crypto 0.52.0, github.com/go-viper/mapstructure/v2 2.4.0, and related go-git dependencies

Validated with snyk test --severity-threshold=high, make lint, and go test ./....

Checklist

  • Tests added and all succeed
  • Regenerated mocks, etc. (make generate)
  • Linted (make lint-fix)
  • README.md updated, if user-facing
  • License file updated, if new 3rd-party dependency is introduced

@Jdunsby Jdunsby requested review from a team as code owners June 23, 2026 09:51
@CLAassistant

CLAassistant commented Jun 23, 2026

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

@snyk-io

snyk-io Bot commented Jun 23, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@ifeanyiecheruo ifeanyiecheruo left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good

@Jdunsby Jdunsby merged commit 523865a into main Jun 23, 2026
10 checks passed
@Jdunsby Jdunsby deleted the fix/vulns branch June 23, 2026 15:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants