
Additional version affected ranges for GHSA-274v-mgcv-cm8j #736

Open
@xnox

GHSA-274v-mgcv-cm8j

The above security advisory lists argocd version ranges as the affected product, but not this project / Go module.

Please consider updating this advisory to include:

0.7.1-0.20250129155113-7e21b91e9d0f as the fixed version
<= 0.7.1-0.20250124211812-d78929e7f6c7 as the affected versions

Because it is tripping up Go vulnerability scanners (Snyk and Twistlock) due to no advisories being published for argocd 2.14 onwards; and the gitops-engine Go module versions have no declared fixed version as above.

The module versions above were generated with go get on the commit that fixes the advisory and the one before it, and match the module update version that got merged into argocd.

Also see:
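
Added example (not part of the original issue, and not code from Snyk, Twistlock or the project): a Go check of how the two pseudo-versions above order under semver 2.0.0 precedence, the ordering Go applies to module versions, and so how a "fixed version" boundary classifies a pinned gitops-engine version. The names `sortKey`, `Compare` and `Affected` are hypothetical, and treating everything below the fixed version as affected is an assumption taken from the range proposed in the issue.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Versions proposed in the issue above for the gitops-engine Go module.
const (
	lastAffected = "0.7.1-0.20250124211812-d78929e7f6c7"
	firstFixed   = "0.7.1-0.20250129155113-7e21b91e9d0f"
)

// sortKey maps a version to a string whose byte order equals semver 2.0.0
// precedence: numeric identifiers are zero-padded and tagged "0", alphanumeric
// ones tagged "1", and a release gets a final "2" so it outranks pre-releases.
func sortKey(v string) string {
	v = strings.SplitN(strings.TrimPrefix(v, "v"), "+", 2)[0] // drop "v" and +build
	parts := strings.SplitN(v, "-", 2)
	ids := strings.Split(parts[0], ".")
	if len(parts) == 2 {
		ids = append(ids, strings.Split(parts[1], ".")...)
	}
	for i, id := range ids {
		if n, err := strconv.ParseUint(id, 10, 64); err == nil {
			ids[i] = fmt.Sprintf("0%020d", n)
		} else {
			ids[i] = "1" + id
		}
	}
	if len(parts) == 1 {
		ids = append(ids, "2")
	}
	return strings.Join(ids, "\x00")
}

// Compare returns a negative, zero or positive value, like strings.Compare.
func Compare(a, b string) int { return strings.Compare(sortKey(a), sortKey(b)) }

// Affected assumes the issue's proposed range: everything before firstFixed.
func Affected(v string) bool { return Compare(v, firstFixed) < 0 }

func main() {
	// "v0.7.0" is a constructed sample input; the other two come from the issue.
	for _, v := range []string{"v0.7.0", lastAffected, firstFixed} {
		fmt.Printf("%-40s affected=%v\n", v, Affected(v))
	}
}
```

The 14-digit timestamp in a pseudo-version is fixed-width, so the alphanumeric comparison of the second pre-release identifier orders commits by time before the commit hash is ever considered.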
