Replies: 2 comments 4 replies
-
|
I think I'd be in favor of switching to Chainguard's fork: https://github.com/chainguard-dev/git-urls |
Beta Was this translation helpful? Give feedback.
-
|
Can you please ? |
Beta Was this translation helpful? Give feedback.
-
|
Would you mind opening a PR making the switch? |
Beta Was this translation helpful? Give feedback.
-
|
bkirov@XXXXX0AZQ6LX argo-cd % git push --set-upstream origin fix-git-urls |
Beta Was this translation helpful? Give feedback.
-
|
You'll need to fork, push the branch to your fork, and then open a PR from that fork. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @crenshaw-dev here is the PR #17715 |
Beta Was this translation helpful? Give feedback.
-
what about this GHSA-3f2q-6294-fmq5
The library github.com/whilp/git-urls version 0.0.0-20191001220047-6db9661140c0 was detected in Golang binary located at /shared/argocd-dex and is vulnerable to CVE-2023-46402, which exists in versions <= 1.0.1. ,
The problem here is that the latest version of this repo is https://github.com/whilp/git-urls 1.0.0
So is there any option we can workaround this ?
Beta Was this translation helpful? Give feedback.
All reactions