Skip to content

🔒 Upgrade dependencies to address known CVEs #363

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
LordOverlord wants to merge 46 commits into
base: master
Choose a base branch
from
Open

🔒 Upgrade dependencies to address known CVEs #363

LordOverlord wants to merge 46 commits into from
+1,068 −452

Conversation

@LordOverlord
Copy link

@LordOverlord LordOverlord commented Jul 25, 2025

This PR updates several dependencies to mitigate known vulnerabilities:

Upgraded github.com/docker/docker to v26.1.5+incompatible to address:

    [CVE-2024-24557](https://avd.aquasec.com/nvd/cve-2024-24557)

    [CVE-2024-41110](https://avd.aquasec.com/nvd/cve-2024-41110)

Upgraded golang.org/x/sys to v0.32.0 to fix:

    CVE-2023-49946

Build tested across GOOS={linux,darwin,windows} with no regressions found.

This fork uses these updates to maintain security compliance for containerized environments and public registry publishing.

Let me know if adjustments or splitting of PRs is preferred. Happy to collaborate!

LordOverlord and others added 30 commits October 21, 2024 00:10
@LordOverlord
chenge to github actions, instead of circleci
ee40d9b
@LordOverlord
fixes to the github actions
aafd63a
@LordOverlord
changed GA to avoid tagging
b9d3c62
@LordOverlord
changed GA to avoid tagging
bb5e743
@LordOverlord
changes to GA
6de31ec
@LordOverlord
updated some dependencies on go.mod
51c8111
@LordOverlord
Merge pull request #1 from LordOverlord/dev
387cea7 
Dev
@LordOverlord
added build for binaries
16f4c57
@LordOverlord
changes to releases
302c5ba
@LordOverlord
changes to releases
dd4fc3d
@LordOverlord
changes to dev releases
dbfa769
@LordOverlord
updated dependency
927977c
@LordOverlord
updated version dependency
7490222
@LordOverlord
go.mod dependencies
044036f
@LordOverlord
changed references to bcicen
bfd1315
@LordOverlord
solving dependencies in go
7f6ae34
@LordOverlord
solving dependencies
7284413
@LordOverlord
dependiencies on go.mod and sum
761444b
@LordOverlord
changes to workflow dev
34b3940
@LordOverlord
change the binaries
8db80a4
@LordOverlord
change the binaries
28dd346
@LordOverlord
change to versions instead of timestamp
8cbd432
@LordOverlord
change tags
6e65fa4
@LordOverlord
change to versions instead of timestamp
6f85c57
@LordOverlord
Merge pull request #2 from LordOverlord/dev
fa78817 
Dev
@LordOverlord
rework ga master
031dfc1
@LordOverlord
Merge pull request #3 from LordOverlord/dev
082c401 
rework ga master
@LordOverlord
new tag
9c42cf3
@LordOverlord
mark false prerelease from master
92b7222
@LordOverlord
updated security issues dependencies
37b2705
LordOverlord and others added 15 commits October 21, 2024 03:21
Emme-123
Emme-123 reviewed Jul 29, 2025
View reviewed changes
cwidgets/main.go
import (
"github.com/bcicen/ctop/logging"
"github.com/bcicen/ctop/models"
"github.com/lordoverlord/ctop/logging"
Copy link

@Emme-123 Emme-123 Jul 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should these lines be changing if you are intending to merge into bcicen's repo?

Im not sure this repo is maintained anymore :(

Copy link
Author

@LordOverlord LordOverlord Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems correct, should change those lines to contribute to this repo..

@LordOverlord
CI/CD overhaul: hardened Docker image, unified releases, and security…
90e6a40 
… fixes (#5)

* rework of the runc for addresing high score vulnerabilities

* cleanup from dockerfile

* overhaul to github actions, binary and docker image

* fix for the docker job

* fix for snyk step
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Emme-123 Emme-123 Emme-123 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@LordOverlord @Emme-123