Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[1.1 backport] build(deps): bump github.com/cyphar/filepath-securejoin #4140

Merged
merged 1 commit into from Dec 12, 2023
Merged

[1.1 backport] build(deps): bump github.com/cyphar/filepath-securejoin #4140

merged 1 commit into from Dec 12, 2023

Conversation

thaJeztah
Copy link
Member

Bumps github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4.

updated-dependencies:

  • dependency-name: github.com/cyphar/filepath-securejoin dependency-type: direct:production update-type: version-update:semver-patch ...

(cherry picked from commit c7ad274)

@dependabot @thaJeztah
build(deps): bump github.com/cyphar/filepath-securejoin
32a26a7 
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.3 to 0.2.4.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Commits](cyphar/filepath-securejoin@v0.2.3...v0.2.4)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit c7ad274)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
Copy link
Member Author

thaJeztah commented Dec 11, 2023
edited

As we're not targeting Windows, GHSA-6xv5-86q9-7xr8 is mostly "optics"; I noticed security scanners were flagging use of the dependency; e.g. https://deps.dev/go/github.com%2Fopencontainers%2Frunc/v1.1.10

@thaJeztah thaJeztah added this to the 1.1.11 milestone Dec 11, 2023
@thaJeztah thaJeztah mentioned this pull request Dec 11, 2023
Merged
cyphar
cyphar approved these changes Dec 12, 2023
View reviewed changes
Copy link
Member

@cyphar cyphar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, and yeah the issue doesn't affect us.

kolyshkin
kolyshkin approved these changes Dec 12, 2023
View reviewed changes
Copy link
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kolyshkin kolyshkin merged commit 4f13093 into opencontainers:release-1.1 Dec 12, 2023
29 checks passed
@kolyshkin
Copy link
Contributor

Goodness, are we making one more 1.1.x release?

@thaJeztah thaJeztah deleted the 1.1_backport_update_securejoin branch December 12, 2023 07:55
@thaJeztah
Copy link
Member Author

Not sure if we do (at least, I wouldn't do it for this dependency update 😂), but I found myself updating this "indirect" dependency, and thought I might as well update it where it's used (in case there's gonna be more 1.1.x releases)

@lifubang lifubang mentioned this pull request Dec 13, 2023
Merged
@lifubang lifubang mentioned this pull request Jan 1, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cyphar cyphar cyphar approved these changes

@kolyshkin kolyshkin kolyshkin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.1.11
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@thaJeztah @kolyshkin @cyphar