Skip to content

security: vulnerability remediation#306

Open
kernel-internal[bot] wants to merge 1 commit into
mainfrom
security/vuln-remediation
Open

security: vulnerability remediation#306
kernel-internal[bot] wants to merge 1 commit into
mainfrom
security/vuln-remediation

Conversation

@kernel-internal

@kernel-internal kernel-internal Bot commented Jul 15, 2026

Copy link
Copy Markdown

Vulnerability Remediation

This PR was generated by the Socket-centric vulnerability remediation workflow. Review the planned dependency changes and confirmation evidence before merging.

Fixed

CVE/GHSA Package Ecosystem Old Version New Version Manifest Confirmation
GHSA-3fxj-6jh8-hvhx github.com/go-chi/chi/v5 None v5.2.3 5.3.0 confirmed

Not Included

  • Deferred by batch limit: 26 advisories. They will be considered by future runs.
  • Other deferred scanner findings: 2.
  • Unconfirmed attempted fixes: 0.
Deferred details
CVE/GHSA Package Reason
Unavailable from detector golang.org/x/crypto Missing CVE/GHSA identifier required for Socket fix planning.
Unavailable from detector google.golang.org/grpc Missing CVE/GHSA identifier required for Socket fix planning.

Note

Low Risk
Patch-level router dependency bump with no application code changes; typical low-risk security remediation.

Overview
Bumps github.com/go-chi/chi/v5 from v5.2.3 to v5.3.0 to address GHSA-3fxj-6jh8-hvhx, with matching go.sum checksum updates.

The module graph also reflects go mod housekeeping: github.com/klauspost/compress, github.com/pierrec/lz4/v4, and gopkg.in/yaml.v3 move from indirect to direct requires (and gopkg.in/yaml.v3 is no longer listed only under indirect).

Reviewed by Cursor Bugbot for commit 574241f. Bugbot is set up for automated code reviews on this repo. Configure here.

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedgithub.com/​go-chi/​chi/​v5@​v5.2.3 ⏵ v5.3.070 +1100 +24100100100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant