sec: update go-getter to latest version #2023

Starttoaster · 2024-04-20T07:54:26Z

Description

go-getter is vulnerable to argument injection. This update closes that.

I've read the guidelines for contributing to this repository.
I've added tests that prove my fix is effective or that my feature works.
I've updated the documentation with the relevant information (if needed).
I've added usage information (if the PR introduces new options)
I've included a "before" and "after" example to the description (if the PR is a user interface change).

CLAassistant · 2024-04-20T07:54:31Z

All committers have signed the CLA.

chen-keinan · 2024-04-20T11:24:50Z

@Starttoaster its in-direct dependency , it needed to be override otherwise its not fixed

Signed-off-by: chenk <hen.keinan@gmail.com>

Starttoaster requested a review from chen-keinan as a code owner April 20, 2024 07:54

Starttoaster changed the title ~~Update go-getter to latest version~~ chore: Update go-getter to latest version Apr 20, 2024

github-actions bot added the misc label Apr 20, 2024

Starttoaster and others added 2 commits April 20, 2024 14:51

sec: update go-getter to latest version

0ea0573

sec: fix CVE-2024-3817

1611e4f

Signed-off-by: chenk <hen.keinan@gmail.com>

chen-keinan force-pushed the go-getter branch from f08358d to 1611e4f Compare April 20, 2024 11:52

chen-keinan approved these changes Apr 20, 2024

View reviewed changes

chen-keinan changed the title ~~chore: Update go-getter to latest version~~ sec: update go-getter to latest version Apr 20, 2024

chen-keinan merged commit a509895 into aquasecurity:main Apr 20, 2024
8 checks passed