chore: update vulnerable packages by keegancsmith · Pull Request #1229 · sourcegraph/src-cli
keegancsmith (Member) commented Dec 8, 2025
I did the minimal upgrades needed to resolve the CVEs reported by trivy.
- CVE-2025-54410 github.com/docker/docker v25.0.6 -> v28.0.0
- GHSA-vrw8-fxc6-2r93 github.com/go-chi/chi/v5 v5.0.10 -> v5.2.2
- CVE-2025-47908 github.com/rs/cors v1.9.0 -> v1.11.0
- CVE-2025-47914 golang.org/x/crypto v0.43.0 -> v0.45.0
- CVE-2025-58181 golang.org/x/crypto
Test Plan: CI
keegancsmith requested review from a team and evict
burmudar approved these changes Dec 8, 2025
evict approved these changes Dec 8, 2025
evict (Contributor) left a comment
🙏
eseliger approved these changes Dec 8, 2025
keegancsmith deleted the k/vuln branch