Skip to content

helm-set-status/0.3.0-r2: cve remediation #63423

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kbsteere merged 4 commits into from
Aug 18, 2025
Merged

helm-set-status/0.3.0-r2: cve remediation #63423

kbsteere merged 4 commits into from
Aug 18, 2025

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Aug 17, 2025

helm-set-status/0.3.0-r2: fix GHSA-f9f8-9pmf-xv68

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/helm-set-status.advisories.yaml

"Breadcrumbs" for this automated service

@octo-sts octo-sts bot added P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. automated pr GHSA-f9f8-9pmf-xv68 go/bump helm-set-status request-cve-remediation labels Aug 17, 2025
@vishal-chdhry vishal-chdhry self-assigned this Aug 18, 2025
@vishal-chdhry
Merge branch 'main' into cve-helm-set-status-0.3.0-r2-45daddae2bbf227…
b474a1f 
…f1c3eb7d61f7e0076

Signed-off-by: Vishal Choudhary <vishal.choudhary@chainguard.dev>
@octo-sts
Copy link
Contributor Author

octo-sts bot commented Aug 18, 2025
edited
Loading

📦 Build Failed: Missing Dependency

package github.com/docker/docker was not found on the go.mod file. Please remove the package or add it to the list of 'replaces'

Build Details

Category Details
Build System go/gobump
Failure Point go/bump step during dependency update process

Root Cause Analysis 🔍

The gobump tool is attempting to update the github.com/docker/docker package to version v28.0.0, but this package is not present in the project's go.mod file. The tool cannot update a dependency that doesn't exist in the module dependencies.

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Aug 18, 2025
@vishal-chdhry
fix: drop docker
45ac8b9 
Signed-off-by: Vishal Choudhary <vishal.choudhary@chainguard.dev>
@octo-sts octo-sts bot added bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. manual/review-needed labels Aug 18, 2025
@kbsteere kbsteere enabled auto-merge (squash) August 18, 2025 17:02
@kbsteere kbsteere merged commit 85728d1 into main Aug 18, 2025
25 checks passed
@kbsteere kbsteere deleted the cve-helm-set-status-0.3.0-r2-45daddae2bbf227f1c3eb7d61f7e0076 branch August 18, 2025 17:02
@octo-sts octo-sts bot mentioned this pull request Dec 7, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kbsteere kbsteere kbsteere approved these changes

Assignees

@vishal-chdhry vishal-chdhry

Labels

ai/skip-comment Stop AI from commenting on PR automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. GHSA-f9f8-9pmf-xv68 go/bump helm-set-status manual/review-needed P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. request-cve-remediation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kbsteere @vishal-chdhry