Proposition: bump github.com/go-git/go-git/v5 from 5.5 to 5.11 to fix a critical vulnerability #2138
parrot55 started this conversation in Development
Replies: 0 comments
Problem description
The library github.com/go-git/go-git/v5 has a critical vulnerability: GHSA-449p-3h89-pw88. This vulnerability introduces a path traversal issue, which is probably not relevant for a tool like tfsec. Nevertheless, scans of tfsec with Software Composition Analysis tools mention this vulnerability, which leads to failing pipelines in our CI/CD tool.
What is expected?
The version of the go-git library is bumped from 5.5 to 5.11, where CVE-2023-49569 is fixed.
Additional context:
GHSA-449p-3h89-pw88