New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gomod: bump go-git/go-git/v5 to v5.11.0 for CVE-2023-49569 #724

Merged

keegancsmith merged 2 commits into sourcegraph:main from dflems:CVE-2023-49569

Jan 22, 2024

Contributor

dflems commented Jan 19, 2024

Not sure if sourcegraph is impacted by this vuln, but Snyk got noisy about this one. Lots of stuff wanted to update along with this change.


          gomod: bump go-git/go-git/v5 to v5.11.0 for CVE-2023-49569

a2cdd88

dflems force-pushed the CVE-2023-49569 branch from 2fcebc4 to a2cdd88 Compare

January 19, 2024 01:15

keegancsmith approved these changes

View reviewed changes

Member

keegancsmith left a comment

sourcegraph is not affected. But technically if someone used zoekt-indexserver against an untrusted git server this could effect it. Thanks!


          go mod tidy

33ef1e6

keegancsmith merged commit fdc6ba2 into sourcegraph:main

8 checks passed

dflems deleted the CVE-2023-49569 branch

January 22, 2024 13:44

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet