fix: trim 0.0.1 has a CVE #720

benoitf · 2022-10-28T07:39:05Z

What does this PR do?

Update 3rd party library to a fixed version
GHSA-w5p7-h5w8-2hfq

note that it's only used at build time so there is no way that it's impacting Podman Desktop at runtime
But it'll remove security alerts from scanners

Screenshot/screencast of this PR

What issues does this PR fix or reference?

GHSA-w5p7-h5w8-2hfq

How to test this PR?

It's used in docusaurus for markdown rendering

Change-Id: I74e3b64741eee14bc8d6d5105cc0f7d996b7d989
Signed-off-by: Florent Benoit fbenoit@redhat.com

GHSA-w5p7-h5w8-2hfq note that it's only used at build time so there is no way that it's impacting Podman Desktop at runtime But it'll remove security alerts from scanners Change-Id: I74e3b64741eee14bc8d6d5105cc0f7d996b7d989 Signed-off-by: Florent Benoit <fbenoit@redhat.com>

GHSA-w5p7-h5w8-2hfq note that it's only used at build time so there is no way that it's impacting Podman Desktop at runtime But it'll remove security alerts from scanners Change-Id: I74e3b64741eee14bc8d6d5105cc0f7d996b7d989 Signed-off-by: Florent Benoit <fbenoit@redhat.com> Signed-off-by: Florent Benoit <fbenoit@redhat.com> Signed-off-by: Stévan Le Meur <1636769+slemeur@users.noreply.github.com>

benoitf requested review from vzhukovs and cdrage as code owners October 28, 2022 07:39

cdrage approved these changes Oct 28, 2022

View reviewed changes

cdrage merged commit 4883943 into containers:main Oct 28, 2022

podman-desktop-bot added this to the 0.10.0 milestone Oct 28, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: trim 0.0.1 has a CVE #720

fix: trim 0.0.1 has a CVE #720

benoitf commented Oct 28, 2022

fix: trim 0.0.1 has a CVE #720

fix: trim 0.0.1 has a CVE #720

Conversation

benoitf commented Oct 28, 2022

What does this PR do?

Screenshot/screencast of this PR

What issues does this PR fix or reference?

How to test this PR?