Skip to content

filebrowser/2.32.0-r4: cve remediation #49939

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kbsteere merged 4 commits into from
Apr 14, 2025
Merged

filebrowser/2.32.0-r4: cve remediation #49939

kbsteere merged 4 commits into from
Apr 14, 2025

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Apr 11, 2025

filebrowser/2.32.0-r4: fix CVE-2025-22871

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/filebrowser.advisories.yaml

"Breadcrumbs" for this automated service

@octo-sts octo-sts bot added P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. automated pr CVE-2025-22871 go/bump request-cve-remediation labels Apr 11, 2025
@octo-sts
Copy link
Contributor Author

octo-sts bot commented Apr 11, 2025

🔄 Build Failed: Git Checkout Error

fatal: Remote branch v2.32.0 not found in upstream origin

Build Details

Category Details
Build System go
Failure Point git clone --quiet --origin=origin --config=user.name=Melange Build --config=user.email=melange-build@cgr.dev --config=advice.detachedHead=false --branch=v2.32.0 --depth=1 https://github.com/filebrowser/filebrowser.git /tmp/tmp.sO9gaT

Root Cause Analysis 🔍

The git checkout step failed because it's trying to clone a specific branch 'v2.32.0', but this appears to be a tag, not a branch. The build system is trying to use the '--branch' flag with a tag value instead of using the '--tag' or appropriate flag for tags.

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Apr 11, 2025
@kbsteere kbsteere self-assigned this Apr 11, 2025
kbsteere and others added 3 commits April 11, 2025 21:46
@kbsteere
Merge branch 'main' into cve-filebrowser-2f8af8a27b9bb564ea4e68a25af1…
52a875c 
…3388
@kbsteere
fixed build failure by adding nodejs into environement
b35698c 
Signed-off-by: Kyle Steere <kyle.steere@chainguard.dev>
@kbsteere
Merge branch 'cve-filebrowser-2f8af8a27b9bb564ea4e68a25af13388' of gi…
991cc86 
…thub.com:wolfi-dev/os into cve-filebrowser-2f8af8a27b9bb564ea4e68a25af13388
@octo-sts octo-sts bot added bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. manual/review-needed labels Apr 11, 2025
@kbsteere kbsteere enabled auto-merge (squash) April 14, 2025 12:15
@kbsteere kbsteere requested a review from a team April 14, 2025 12:16
@kbsteere kbsteere merged commit 6f18fe6 into main Apr 14, 2025
21 checks passed
@kbsteere kbsteere deleted the cve-filebrowser-2f8af8a27b9bb564ea4e68a25af13388 branch April 14, 2025 12:22
This was referenced May 20, 2025
Merged
Merged
Merged
This was referenced May 29, 2025
Closed
Merged
This was referenced Jun 14, 2025
Closed
Merged
Closed
This was referenced Jun 23, 2025
Merged
Closed
@octo-sts octo-sts bot mentioned this pull request Jul 3, 2025
Closed
This was referenced Jul 9, 2025
Merged
Merged
Merged
This was referenced Jul 25, 2025
Merged
Merged
Merged
@octo-sts octo-sts bot mentioned this pull request Aug 27, 2025
Merged
@octo-sts octo-sts bot mentioned this pull request Dec 8, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dnegreira dnegreira dnegreira approved these changes

Assignees

@kbsteere kbsteere

Labels

ai/skip-comment Stop AI from commenting on PR automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. CVE-2025-22871 go/bump manual/review-needed P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. request-cve-remediation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dnegreira @kbsteere