Skip to content

chore(deps): update go-getter to resolve GHSA-wjrx-6529-hcj3 #4102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 19, 2025
Merged

chore(deps): update go-getter to resolve GHSA-wjrx-6529-hcj3 #4102

merged 1 commit into from
Aug 19, 2025

Conversation

brandtkeller
Copy link
Member

Description

Resolves vulnerability GHSA-wjrx-6529-hcj3. the use of this dependency originates from Syft and we need to wait for them to release.

Given the timeline to release - doing this now is advantageous.

Related Issue

No issue

Checklist before merging

@brandtkeller
chore(deps): update go-getter to resolve GHSA-wjrx-6529-hcj3
9d08e0f 
Signed-off-by: Brandt Keller <brandt.keller@defenseunicorns.com>
@brandtkeller brandtkeller self-assigned this Aug 19, 2025
@brandtkeller brandtkeller requested review from a team as code owners August 19, 2025 18:29
@netlify Netlify
Copy link

netlify bot commented Aug 19, 2025
edited
Loading

Deploy Preview for zarf-docs canceled.

Name Link
🔨 Latest commit 9d08e0f
🔍 Latest deploy log https://app.netlify.com/projects/zarf-docs/deploys/68a4c297bbc263000874482d

@codecov Codecov
Copy link

codecov bot commented Aug 19, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
see 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@brandtkeller brandtkeller added this pull request to the merge queue Aug 19, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Aug 19, 2025
@brandtkeller brandtkeller added this pull request to the merge queue Aug 19, 2025
Merged via the queue into main with commit 4ca2fac Aug 19, 2025
27 checks passed
@brandtkeller brandtkeller deleted the hotfix_go-getter_vuln branch August 19, 2025 21:03
@brandtkeller brandtkeller mentioned this pull request Aug 20, 2025
Open
Ansible-man pushed a commit to Ansible-man/zarf that referenced this pull request Sep 6, 2025
@brandtkeller @Ansible-man
chore(deps): update go-getter to resolve GHSA-wjrx-6529-hcj3 (zarf-de…
7a10da9 
…v#4102)

Signed-off-by: Brandt Keller <brandt.keller@defenseunicorns.com>
Signed-off-by: Cade Thomas <cadethomas23@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AustinAbro321 AustinAbro321 AustinAbro321 approved these changes

Assignees

@brandtkeller brandtkeller

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@brandtkeller @AustinAbro321