
fix: bump go-git to v5.19.1 to remediate CVE-2026-45570 and CVE-2026-45571 #21

Open
plural-copilot[bot] wants to merge 1 commit into main from agent/bump-go-git-v5-19-1-1748455985699

@plural-copilot

Summary

Bumps github.com/go-git/go-git/v5 from v5.19.0 to v5.19.1 to remediate two security vulnerabilities.

Vulnerabilities Fixed

| CVE | Severity | Description |
| --- | --- | --- |
| CVE-2026-45571 | Medium (CVSS 5.4) | Crafted repository data can modify .git directories via path validation bypass |
| CVE-2026-45570 | Low | SSH transport doesn't escape single quotes in repo paths, allowing escape from quoted shell region on vulnerable SSH servers |

Advisory Links

Impact

Rebuilding ghcr.io/pluralsh/git-server after this change will produce an image with the patched go-git dependency, resolving both CVEs identified by Trivy vulnerability scanning.
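
As an added illustration of the quoting flaw class described in the CVE-2026-45570 row (this is not go-git's code or its patch; the `git-upload-pack '<path>'` command form, the function names and the sample path are assumptions made for the example), the Go sketch below single-quotes a repository path with and without escaping embedded quotes, then tokenizes both commands with a small POSIX-style word splitter:

```go
package main

import (
	"fmt"
	"strings"
)

// naiveQuote wraps s in single quotes but leaves embedded quotes untouched.
func naiveQuote(s string) string { return "'" + s + "'" }

// shellQuote rewrites each ' as '\'' (close quote, literal quote, reopen).
func shellQuote(s string) string { return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'" }

// splitWords: minimal POSIX-style word splitter; ok is false on an unterminated quote.
func splitWords(cmd string) (words []string, ok bool) {
	var cur strings.Builder
	inQuote, have := false, false
	for i := 0; i < len(cmd); i++ {
		switch c := cmd[i]; {
		case inQuote && c == '\'':
			inQuote = false
		case inQuote:
			cur.WriteByte(c)
		case c == '\'':
			inQuote, have = true, true
		case c == ' ':
			if have {
				words = append(words, cur.String())
				cur.Reset()
				have = false
			}
		default:
			if c == '\\' && i+1 < len(cmd) {
				i++ // backslash outside quotes: take the next byte literally
			}
			cur.WriteByte(cmd[i])
			have = true
		}
	}
	if have {
		words = append(words, cur.String())
	}
	return words, !inQuote
}

func main() {
	for _, q := range []func(string) string{naiveQuote, shellQuote} {
		fmt.Println(splitWords("git-upload-pack " + q("/srv/git/team's repo.git"))) // constructed path
	}
}
```

With the escaped form the remote side sees exactly two words and the second equals the original path; with the naive form the path no longer stays inside one quoted region.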

@plural-copilot plural-copilot Bot left a comment


This PR was generated by the codex Plural Agent Runtime. Here's some useful information you might want to know to evaluate the AI's performance:

| Name | Details |
| --- | --- |
| 💬 Prompt | ## Task: Bump go-git dependency to fix security vulnerabilities... |
| 🔗 Run history | View run history |

@socket-security


Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Updated | github.com/go-git/go-git/v5@v5.19.0 ⏵ v5.19.1 | 82 +1 | 100 +3 | 100 | 100 | 100 |
