Skip to content

Update containers-syft-packages-extractor to v1.0.18 (AST-112118) #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cx-shaked-karta merged 3 commits into from
Oct 10, 2025
Merged

Update containers-syft-packages-extractor to v1.0.18 (AST-112118) #23

cx-shaked-karta merged 3 commits into from
Oct 10, 2025

Conversation

@cx-shaked-karta
Copy link
Collaborator

@cx-shaked-karta cx-shaked-karta commented Oct 10, 2025

Update containers-syft-packages-extractor to v1.0.18 (AST-112118)

@cx-andre-macedo
Copy link

cx-andre-macedo commented Oct 10, 2025
edited by cx-shaked-karta
Loading

Logo
Checkmarx One – Scan Summary & Details2c80d842-1c07-4e6c-8e9f-0dbb20b931b5

New Issues (1)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
MEDIUM CVE-2025-27144 Go-gopkg.in/go-jose/go-jose.v2-v2.6.3
detailsDescription: Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryptio...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: qHdaKgMwY8g3lvNIQSuz65mngBUW4425YlRA27l1r3c%3D
Vulnerable Package
Fixed Issues (5)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
MEDIUM CVE-2025-52893 Go-github.com/mitchellh/mapstructure-v1.5.0
MEDIUM CVE-2025-55198 Go-helm.sh/helm/v3-v3.17.4
MEDIUM CVE-2025-55199 Go-helm.sh/helm/v3-v3.17.4
MEDIUM CVE-2025-58058 Go-github.com/ulikunitz/xz-v0.5.12
MEDIUM Cx17483713-ac68 Go-github.com/go-viper/mapstructure/v2-v2.3.0

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

Update go.mod and go.sum: Bump various dependencies including go-vipe…
2ed42cc 
…r/mapstructure to v2.3.1, rubenv/sql-migrate to v1.8.0, and helm.sh/helm to v3.18.5. Remove outdated dependencies and add new indirect dependencies for cespare/xxhash and santhosh-tekuri/jsonschema.
@cx-shaked-karta
Copy link
Collaborator Author

cx-shaked-karta commented Oct 10, 2025

@Checkmarx rescan this PR

@cx-andre-macedo
Copy link

cx-andre-macedo commented Oct 10, 2025

@Checkmarx rescan this PR

I've successfully initiated security scans on both branches:

  • Source branch (sk-ast-112118): Scan started
  • Target branch (main): Scan started

The scans are now running and results will be available once they complete.

@cx-shaked-karta cx-shaked-karta merged commit d9209e2 into main Oct 10, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cx-shaked-karta @cx-andre-macedo