Skip to content

security: vulnerability remediation#42

Open
kernel-internal[bot] wants to merge 1 commit into
mainfrom
security/vuln-remediation
Open

security: vulnerability remediation#42
kernel-internal[bot] wants to merge 1 commit into
mainfrom
security/vuln-remediation

Conversation

@kernel-internal

@kernel-internal kernel-internal Bot commented Jul 15, 2026

Copy link
Copy Markdown

Vulnerability Remediation

This PR was generated by the Socket-centric vulnerability remediation workflow. Review the planned dependency changes and confirmation evidence before merging.

Fixed

CVE/GHSA Package Ecosystem Old Version New Version Manifest Confirmation
GHSA-p436-gjf2-799p github.com/docker/cli, github.com/google/go-containerregistry None v0.20.7 29.2.0+incompatible confirmed

Not Included

  • Deferred by batch limit: 7 advisories. They will be considered by future runs.
  • Other deferred scanner findings: 0.
  • Unconfirmed attempted fixes: 0.

Note

Low Risk
Dependency-only change with no application logic edits; risk is limited to possible subtle behavior differences in the patched indirect docker/cli version.

Overview
Addresses GHSA-p436-gjf2-799p by forcing the transitive github.com/docker/cli dependency from v29.0.3 to v29.2.0 via a new replace in go.mod, with matching go.sum updates.

There are no Go source changes; github.com/google/go-containerregistry remains at v0.20.7 in require. Only the resolved indirect Docker CLI version changes for builds that pull it through the container registry stack (e.g. lib/push.go and examples).

Reviewed by Cursor Bugbot for commit 3faeb28. Bugbot is set up for automated code reviews on this repo. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant