Skip to content

fix(go.mod): bump gomarkdown to fix GHSA-77fj-vx54-gvh7 (v2.32)#25225

Merged
Shelnutt2 merged 1 commit into
release/2.32from
cherry-pick/gomarkdown-fix-v232
May 12, 2026
Merged

fix(go.mod): bump gomarkdown to fix GHSA-77fj-vx54-gvh7 (v2.32)#25225
Shelnutt2 merged 1 commit into
release/2.32from
cherry-pick/gomarkdown-fix-v232

Conversation

@Shelnutt2
Copy link
Copy Markdown
Contributor

@Shelnutt2 Shelnutt2 commented May 12, 2026

Cherry-pick of #24567 (commit 869168b) to release/2.32.

Bumps github.com/gomarkdown/markdown from v0.0.0-20240930133441-72d49d9543d8 to v0.0.0-20260411013819-759bbc3e3207 to fix an out-of-bounds read in SmartypantsRenderer (GHSA-77fj-vx54-gvh7).

Refs https://linear.app/codercom/issue/ENT-29

Generated by Coder Agents

@CommanderK5 @Shelnutt2
chore: bump gomarkdown to patched revision (#24567)
7e2c76f 
Updates `github.com/gomarkdown/markdown` from
`v0.0.0-20240930133441-72d49d9543d8` to
`v0.0.0-20260411013819-759bbc3e3207`.

This pulls in the patched upstream revision for the markdown dependency.
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 12, 2026

👋 Hey @Shelnutt2!

This PR is targeting the release/2.32 release branch, but its title does not start with fix: or fix(scope):.

Only bug fixes should be cherry-picked to release branches. If this is a bug fix, please update the PR title to match the conventional commit format:

fix: description of the bug fix
fix(scope): description of the bug fix

If this is not a bug fix, it likely should not target a release branch.

@Shelnutt2 Shelnutt2 added dependencies Pull requests that update a dependency file cherry-pick/v2.32 labels May 12, 2026
@Shelnutt2 Shelnutt2 changed the title chore(go.mod): bump gomarkdown to fix GHSA-77fj-vx54-gvh7 (v2.32) fix(go.mod): bump gomarkdown to fix GHSA-77fj-vx54-gvh7 (v2.32) May 12, 2026
@Shelnutt2 Shelnutt2 marked this pull request as ready for review May 12, 2026 21:33
@Shelnutt2 Shelnutt2 merged commit a7e6c6e into release/2.32 May 12, 2026
58 of 65 checks passed
@Shelnutt2 Shelnutt2 deleted the cherry-pick/gomarkdown-fix-v232 branch May 12, 2026 23:03
@github-actions github-actions Bot locked and limited conversation to collaborators May 12, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@f0ssel f0ssel f0ssel approved these changes

@jdomeracki-coder jdomeracki-coder Awaiting requested review from jdomeracki-coder

Assignees

@Shelnutt2 Shelnutt2

Labels

cherry-pick/v2.32 dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Shelnutt2 @f0ssel @CommanderK5