Skip to content

Commit 9efa5a7

Browse files
thaJeztahthaJeztah
committed
vendor: github.com/cyphar/filepath-securejoin v0.2.4
update the dependency to v0.2.4 to prevent scanners from flagging the vulnerability (GHSA-6xv5-86q9-7xr8 / GO-2023-2048). Note that that vulnerability only affects Windows, so should not impact Buildkit itself (which currently doesn't support Windows). full diff: cyphar/filepath-securejoin@v0.2.3...v0.2.4 Signed-off-by: Sebastiaan van Stijn <[email protected]>
1 parent 3b6880d commit 9efa5a7

File tree

7 files changed

+17
-28
lines changed

7 files changed

+17
-28
lines changed

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -121,7 +121,7 @@ require (
121121
github.com/containerd/ttrpc v1.2.2 // indirect
122122
github.com/containernetworking/cni v1.1.2 // indirect
123123
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
124-
github.com/cyphar/filepath-securejoin v0.2.3 // indirect
124+
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
125125
github.com/davecgh/go-spew v1.1.1 // indirect
126126
github.com/dimchansky/utfbom v1.1.1 // indirect
127127
github.com/docker/docker-credential-helpers v0.7.0 // indirect

go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -408,8 +408,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
408408
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
409409
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
410410
github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
411-
github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
412-
github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
411+
github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
412+
github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
413413
github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ=
414414
github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
415415
github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=

vendor/github.com/cyphar/filepath-securejoin/.travis.yml

Lines changed: 0 additions & 21 deletions
This file was deleted.

vendor/github.com/cyphar/filepath-securejoin/README.md

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/github.com/cyphar/filepath-securejoin/VERSION

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/github.com/cyphar/filepath-securejoin/join.go

Lines changed: 11 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/modules.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -419,7 +419,7 @@ github.com/coreos/go-systemd/v22/daemon
419419
# github.com/cpuguy83/go-md2man/v2 v2.0.2
420420
## explicit; go 1.11
421421
github.com/cpuguy83/go-md2man/v2/md2man
422-
# github.com/cyphar/filepath-securejoin v0.2.3
422+
# github.com/cyphar/filepath-securejoin v0.2.4
423423
## explicit; go 1.13
424424
github.com/cyphar/filepath-securejoin
425425
# github.com/davecgh/go-spew v1.1.1

0 commit comments

Comments
 (0)