Skip to content

helm-push/0.10.4-r25: cve remediation #50161

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AmberArcadia merged 3 commits into from
Apr 16, 2025
Merged

helm-push/0.10.4-r25: cve remediation #50161

AmberArcadia merged 3 commits into from
Apr 16, 2025

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Apr 12, 2025

helm-push/0.10.4-r25: fix GHSA-5xqw-8hwv-wg92

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/helm-push.advisories.yaml

"Breadcrumbs" for this automated service

@octo-sts
Copy link
Contributor Author

octo-sts bot commented Apr 12, 2025

📦 Build Failed: Missing Dependency

failed to run update. Error: package google.golang.org/grpc was not found on the go.mod file. Please remove the package or add it to the list of 'replaces'

Build Details

Category Details
Build System Go (Golang)
Failure Point go/bump step during gobump execution

Root Cause Analysis 🔍

The build is trying to update the google.golang.org/grpc package, but this package is not found in the go.mod file. The gobump tool requires all packages being updated to either exist in go.mod or be explicitly listed in the 'replaces' argument.

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Apr 12, 2025
@dnegreira
remove grpc gobump
4d27d11 
Signed-off-by: David Negreira <david.negreira@chainguard.dev>
@dnegreira dnegreira self-assigned this Apr 16, 2025
@octo-sts octo-sts bot added bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. manual/review-needed labels Apr 16, 2025
@dnegreira dnegreira requested a review from a team April 16, 2025 15:58
@AmberArcadia AmberArcadia merged commit 4614010 into main Apr 16, 2025
21 checks passed
@AmberArcadia AmberArcadia deleted the cve-helm-push-5c62ddef27c1c0b0d2d1ccb7112f1a21 branch April 16, 2025 17:26
This was referenced Jul 9, 2025
Merged
Merged
Merged
Merged
Closed
@octo-sts octo-sts bot mentioned this pull request Jul 30, 2025
Merged
@octo-sts octo-sts bot mentioned this pull request Nov 18, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AmberArcadia AmberArcadia AmberArcadia approved these changes

Assignees

@dnegreira dnegreira

Labels

ai/skip-comment Stop AI from commenting on PR automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. GHSA-5xqw-8hwv-wg92 go/bump manual/review-needed request-cve-remediation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AmberArcadia @dnegreira