fix(deps): update module github.com/go-git/go-git/v5 to v5.16.5 [security] by renovate[bot] · Pull Request #355 · aevea/release-notary

renovate · 2025-01-06T16:36:06Z

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/go-git/go-git/v5	`v5.11.0` → `v5.16.5`

GitHub Vulnerability Alerts

CVE-2025-21613

Impact

An argument injection vulnerability was discovered in go-git versions prior to v5.13.

Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries.

Affected versions

Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.

Workarounds

In cases where a bump to the latest version of go-git is not possible, we recommend users to enforce restrict validation rules for values passed in the URL field.

Credit

Thanks to @vin01 for responsibly disclosing this vulnerability to us.

CVE-2025-21614

Impact

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients.

This is a go-git implementation issue and does not affect the upstream git cli.

Patches

Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.

Workarounds

In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trust-worthy Git servers.

Credit

Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us.

CVE-2026-25934

Impact

A vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found.

For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly.

Note that the lack of verification of the packfile checksum has no impact on the trust relationship between the client and server, which is enforced based on the protocol being used (e.g. TLS in the case of https:// or known hosts for ssh://). In other words, the packfile checksum verification does not provide any security benefits when connecting to a malicious or compromised Git server.

Patches

Users should upgrade to v5.16.5, or the latest v6 pseudo-version, in order to mitigate this vulnerability.

Workarounds

In case updating to a fixed version of go-git is not possible, users can run git fsck from the git cli to check for data corruption on a given repository.

Credit

Thanks @N0zoM1z0 for finding and reporting this issue privately to the go-git project.

Release Notes

go-git/go-git (github.com/go-git/go-git/v5)

`v5.16.5`

Compare Source

What's Changed

build: Update module golang.org/x/crypto to v0.45.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in #1744
build: Bump Go test versions to 1.23-1.25 (v5) by @pjbgf in #1746
[v5] git: worktree, Don't delete local untracked files when resetting worktree by @Ch00k in #1800
Expand packfile checks by @pjbgf in #1836

Full Changelog: go-git/go-git@v5.16.4...v5.16.5

`v5.16.4`

Compare Source

What's Changed

backport plumbing: format/idxfile, prevent panic by @swills in #1732
[backport] build: test, Fix build on Windows. by @pjbgf in #1734
build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in #1742
build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in #1741
build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in #1743

Full Changelog: go-git/go-git@v5.16.3...v5.16.4

`v5.16.3`

Compare Source

What's Changed

internal: Expand regex to fix build [5.x] by @baloo in #1644
build: raise timeouts for windows CI tests and disable CIFuzz [5.x] by @baloo in #1646
plumbing: support commits extra headers, support jujutsu signed commit [5.x] by @baloo in #1633

Full Changelog: go-git/go-git@v5.16.2...v5.16.3

`v5.16.2`

Compare Source

What's Changed

utils: fix diff so subpaths work for sparse checkouts, fixes 1455 to releases/v5.x by @kane8n in #1567

Full Changelog: go-git/go-git@v5.16.1...v5.16.2

`v5.16.1`

Compare Source

What's Changed

utils: merkletrie, Fix diff on sparse-checkout index. Fixes #1406 to releases/v5.x by @kane8n in #1561

New Contributors

@kane8n made their first contribution in #1561

Full Changelog: go-git/go-git@v5.16.0...v5.16.1

`v5.16.0`

Compare Source

What's Changed

[v5] plumbing: support mTLS for HTTPS protocol by @hiddeco in #1510
v5: plumbing: transport, Reintroduce SetHostKeyCallback. Fix #1514 by @pjbgf in #1515

Full Changelog: go-git/go-git@v5.15.0...v5.16.0

`v5.15.0`

Compare Source

What's Changed

plumbing: add cert auth support to releases/v5.x by @Javier-varez in #1482
v5: Bump dependencies by @pjbgf in #1505

Full Changelog: go-git/go-git@v5.14.0...v5.15.0

`v5.14.0`

Compare Source

What's Changed

v5: Bump Go and dependencies to mitigate GO-2025-3487 by @pjbgf in #1436

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/crypto@v0.35.0 which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

`v5.13.2`

Compare Source

What's Changed

plumbing: use the correct user agent string. Fixes #883 by @uragirii in #1364
build: bump golang.org/x/sys from 0.28.0 to 0.29.0 in the golang-org group by @dependabot in #1365
build: bump the golang-org group with 2 updates by @dependabot in #1367
build: bump github.com/ProtonMail/go-crypto from 1.1.3 to 1.1.4 by @dependabot in #1368
build: bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 by @dependabot in #1378
build: bump github/codeql-action from 3.28.0 to 3.28.1 by @dependabot in #1376
build: bump github.com/elazarl/goproxy from 1.2.3 to 1.4.0 by @dependabot in #1377
git: worktree, fix restoring dot slash files (backported to v5). Fixes #1176 by @BeChris in #1361
build: bump github.com/pjbgf/sha1cd from 0.3.0 to 0.3.2 by @dependabot in #1392
git: worktree_status, fix adding dot slash files to working tree (backported to v5). Fixes #1150 by @BeChris in #1359
build: bump github.com/ProtonMail/go-crypto from 1.1.4 to 1.1.5 by @dependabot in #1383

Full Changelog: go-git/go-git@v5.13.1...v5.13.2

`v5.13.1`

Compare Source

What's Changed

build: bump github.com/go-git/go-billy/v5 from 5.6.0 to 5.6.1 by @dependabot in #1327
build: bump github.com/elazarl/goproxy from 1.2.1 to 1.2.2 by @dependabot in #1329
build: bump github.com/elazarl/goproxy from 1.2.2 to 1.2.3 by @dependabot in #1340
Revert "plumbing: transport/ssh, Add support for SSH @cert-authority." by @pjbgf in #1346

Full Changelog: go-git/go-git@v5.13.0...v5.13.1

`v5.13.0`

Compare Source

What's Changed

build: bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 in /cli/go-git by @dependabot in #1065
build: bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #1068
build: bump golang.org/x/net from 0.23.0 to 0.24.0 by @dependabot in #1071
Properly support skipping of non-mandatory extensions by @codablock in #1066
git: Refine some codes in test and non-test. by @onee-only in #1077
plumbing: protocol/packp, client-side filter capability support by @edigaryev in #1000
build: bump golang.org/x/net from 0.22.0 to 0.23.0 in /cli/go-git by @dependabot in #1078
plumbing: fix sideband demux on flush by @aymanbagabas in #1084
storage: dotgit, head reference usually comes first by @aymanbagabas in #1085
build: bump golang.org/x/text from 0.14.0 to 0.15.0 by @dependabot in #1091
build: bump golang.org/x/crypto from 0.22.0 to 0.23.0 by @dependabot in #1094
build: bump golang.org/x/net from 0.24.0 to 0.25.0 by @dependabot in #1093
git: Added an example for Repository.Branches by @johnmatthiggins in #1088
git: worktree_commit, Modify checking empty commit. Fixes #723 by @onee-only in #1050
plumbing: transport/http, Wrap http errors to return reason. Fixes #1097 by @ggambetti in #1100
build: bump golang.org/x/sys from 0.20.0 to 0.21.0 by @dependabot in #1106
build: bump golang.org/x/text from 0.15.0 to 0.16.0 by @dependabot in #1107
Bumps Go versions and go-billy by @pjbgf in #1056
_examples: Fixed a dead link COMPATIBILITY.md by @gecko655 in #1109
build: bump github.com/jessevdk/go-flags from 1.5.0 to 1.6.1 in /cli/go-git by @dependabot in #1115
build: bump github.com/elazarl/goproxy from v0.0.0-20230808193330-2592e75ae04a to v0.0.0-20240618083138-03be62527ccb by @hbelmiro in #1124
build: bump golang.org/x/net from 0.25.0 to 0.26.0 by @dependabot in #1104
Add option approximating git clean -x flag. by @msuozzo in #995
Revert "Add option approximating git clean -x flag." by @pjbgf in #1129
Fix reference updated concurrently error for the filesystem storer by @Javier-varez in #1116
build: bump golang.org/x/net from 0.26.0 to 0.27.0 by @dependabot in #1134
utils: merkletrie, Align error message with upstream by @pjbgf in #1142
plumbing: transport/file, Change paths to absolute by @pjbgf in #1141
plumbing: gitignore, Fix loading of ignored .gitignore files. by @Achilleshiel in #1114
build: bump github.com/skeema/knownhosts from 1.2.2 to 1.3.0 by @dependabot in #1147
plumbing: transport/ssh, Add support for SSH @cert-authority. by @Javier-varez in #1157
build: run example tests during CI workflow by @crazybolillo in #1030
storage: filesystem, Fix object cache not working due to uninitialised objects being put into cache by @SatelliteMind in #1138
git: Fix fetching missing commits by @AriehSchneier in #1032
plumbing: format/packfile, remove duplicate checks in findMatch() by @edigaryev in #1152
git: worktree, Fix file reported as Untracked while it is committed by @rodrigocam in #1023
build: bump golang.org/x/sys from 0.22.0 to 0.23.0 by @dependabot in #1160
plumbing: filemode, Remove check for setting size of .git/index file by @nicholasSUSE in #1159
build: bump golang.org/x/net from 0.27.0 to 0.28.0 by @dependabot in #1163
Fix some lint warning and increase stalebot to 180 days by @pjbgf in #1128
adjust path extracted from file: url on Windows by @tomqwpl in #416
build: bump golang.org/x/sys from 0.23.0 to 0.24.0 by @dependabot in #1164
Add RestoreStaged to Worktree that mimics the behaviour of git restore --staged ... by @ben-tbotlabs in #493
plumbing: signature, support the same x509 signature formats as git by @yoavamit in #1169
fix: allow discovery of non bare repos in fsLoader by @jakobmoellerdev in #1170
build: bump golang.org/x/sys from 0.24.0 to 0.25.0 by @dependabot in #1178
build: bump golang.org/x/text from 0.17.0 to 0.18.0 by @dependabot in #1179
build: bump golang.org/x/net from 0.28.0 to 0.29.0 by @dependabot in #1184
Consume push URLs when they are provided by @mcepl in #1191
*: use gocheck's MkDir instead of TempDir for tests. Fixes #807 by @uragirii in #1194
build: bump golang.org/x/net from 0.29.0 to 0.30.0 by @dependabot in #1200
worktree: .git/index not correctly generated when running on Windows by @BeChris in #1198
git: worktree, Fix sparse reset. Fixes #90 by @onee-only in #1101
git: worktree, Pass context on updateSubmodules. Fixes #1098 by @onee-only in #1154
build: bump github.com/go-git/go-billy/v5 from 5.5.1-0.20240427054813-8453aa90c6ec to 5.6.0 by @dependabot in #1211
Update contributing guidelines by @pjbgf in #1217
build: bump github.com/ProtonMail/go-crypto from 1.0.0 to 1.1.1 by @dependabot in #1222
build: bump golang.org/x/sys from 0.26.0 to 0.27.0 by @dependabot in #1223
build: bump golang.org/x/crypto from 0.28.0 to 0.29.0 by @dependabot in #1221
build: bump github.com/ProtonMail/go-crypto from 1.1.1 to 1.1.2 by @dependabot in #1226
build: bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @dependabot in #1232
build: bump github.com/ProtonMail/go-crypto from 1.1.2 to 1.1.3 by @dependabot in #1231
build: General improvements around fuzzing by @pjbgf in #1229
build: bump golang.org/x/net from 0.30.0 to 0.32.0 by @dependabot in #1241
build: group dependabot updates for golang.org by @AriehSchneier in #1243
build: bump github/codeql-action from 2.22.11 to 3.27.6 by @dependabot in #1244
build: bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /cli/go-git by @dependabot in #1246
build: bump golang.org/x/crypto from 0.30.0 to 0.31.0 by @dependabot in #1247
build: bump github.com/gliderlabs/ssh from 0.3.7 to 0.3.8 by @dependabot in #1248
add comment preventing people from creating invalid trees by @petar in #732
build: bump github/codeql-action from 3.27.6 to 3.27.9 by @dependabot in #1250
plumbing: Properly encode index version 4 by @BeChris in #1251
Fix typos by @deining in #1148
Fix reset files in subfolders by @linglo in #1177
git: update switch cases by @hezhizhen in #1182
build: bump golang.org/x/net from 0.32.0 to 0.33.0 in the golang-org group by @dependabot in #1256
fix(1212): Fix invalid reference name error while cloning branches containing /- by @varmakarthik12 in #1257
pktline : accept upercase hexadecimal value as pktline length information by @BeChris in #1220
build: bump github/codeql-action from 3.27.9 to 3.28.0 by @dependabot in #1260
build: bump github.com/elazarl/goproxy from 0.0.0-20240618083138-03be62527ccb to 1.2.1 by @dependabot in #1262
git: worktree_commit, sanitize author and commiter name and email before creating the commit object. Fixes #680 by @BeChris in #1261

New Contributors

@johnmatthiggins made their first contribution in #1088
@ggambetti made their first contribution in #1100
@gecko655 made their first contribution in #1109
@hbelmiro made their first contribution in #1124
@msuozzo made their first contribution in #995
@Javier-varez made their first contribution in #1116
@Achilleshiel made their first contribution in #1114
@crazybolillo made their first contribution in #1030
@SatelliteMind made their first contribution in #1138
@rodrigocam made their first contribution in #1023
@nicholasSUSE made their first contribution in #1159
@tomqwpl made their first contribution in #416
@ben-tbotlabs made their first contribution in #493
@yoavamit made their first contribution in #1169
@uragirii made their first contribution in #1194
@petar made their first contribution in #732
@deining made their first contribution in #1148
@linglo made their first contribution in #1177
@varmakarthik12 made their first contribution in #1257

Full Changelog: go-git/go-git@v5.12.0...v5.13.0

`v5.12.0`

Compare Source

What's Changed

git: Worktree.AddWithOptions: add skipStatus option when providing a specific path by @moranCohen26 in #994
git: Signer: fix usage of crypto.Signer interface by @wlynch in #1029
git: Remote, fetch, adds the prune option. by @juliens in #366
git: Add crypto.Signer option to CommitOptions. by @wlynch in #996
git: Worktree checkout tag hash id (#959) by @aymanbagabas in #966
git: Worktree, Don't panic on empty or root path when checking if it is valid by @tim775 in #1042
git: Add commit validation for Reset by @pjbgf in #1048
git: worktree_commit, Fix amend commit to apply changes. Fixes #1024 by @onee-only in #1045
git: Implement Merge function with initial FastForwardMerge support by @pjbgf in #1044
plumbing: object, Make first commit visible on logs filtered with filename. Fixes #191 by @onee-only in #1036
plumbing: no panic in printStats function. Fixes #177 by @nodivbyzero in #971
plumbing: object, Optimize logging with file. by @onee-only in #1046
plumbing: object, check legitimacy in (*Tree).Encode by @niukuo in #967
plumbing: format/gitattributes, close file in ReadAttributesFile by @prskr in #1018
plumbing: check setAuth error. Fixes #185 by @nodivbyzero in #969
plumbing: object, fix variable defaultUtf8CommitMessageEncoding name spell error by @Jerry-yz in #987
utils: merkletrie, calculate filesystem node's hash lazily. by @candid82 in #825
utils: update comment in node.go's Hash() by @codablock in #992
_example: fix 404 link and added ssh-agent clone link by @grinish21 in #1022
_example: checkout-branch example by @dlambda in #446
_example: example for git clone using ssh-agent by @pjbgf in #998

New Contributors

@candid82 made their first contribution in #825
@codablock made their first contribution in #992
@Jerry-yz made their first contribution in #987
@wlynch made their first contribution in #996
@moranCohen26 made their first contribution in #994
@grinish21 made their first contribution in #1022
@prskr made their first contribution in #1018
@dlambda made their first contribution in #446
@juliens made their first contribution in #366
@onee-only made their first contribution in #1036
@tim775 made their first contribution in #1042
@niukuo made their first contribution in #967
@avoidalone made their first contribution in #1047

Full Changelog: go-git/go-git@v5.11.0...v5.12.0

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2025-01-06T16:36:07Z

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

14 additional dependencies were updated
The go directive was updated for compatibility reasons

Details:

Package	Change
`go`	`1.19` -> `1.21`
`github.com/stretchr/testify`	`v1.9.0` -> `v1.10.0`
`github.com/ProtonMail/go-crypto`	`v0.0.0-20230828082145-3c4c8a2d2371` -> `v1.1.3`
`github.com/cloudflare/circl`	`v1.3.3` -> `v1.3.7`
`github.com/cyphar/filepath-securejoin`	`v0.2.4` -> `v0.2.5`
`github.com/go-git/go-billy/v5`	`v5.5.0` -> `v5.6.0`
`github.com/sergi/go-diff`	`v1.1.0` -> `v1.3.2-0.20230802210424-5b0b94c5c0d3`
`github.com/skeema/knownhosts`	`v1.2.1` -> `v1.3.0`
`golang.org/x/crypto`	`v0.16.0` -> `v0.31.0`
`golang.org/x/exp`	`v0.0.0-20230905200255-921286631fa9` -> `v0.0.0-20240719175910-8a7402abbf56`
`golang.org/x/mod`	`v0.12.0` -> `v0.19.0`
`golang.org/x/net`	`v0.19.0` -> `v0.33.0`
`golang.org/x/sys`	`v0.15.0` -> `v0.28.0`
`golang.org/x/text`	`v0.14.0` -> `v0.21.0`
`golang.org/x/tools`	`v0.13.0` -> `v0.23.0`

socket-security · 2025-04-08T13:59:15Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/go-git/go-git/v5@v5.11.0 ⏵ v5.16.5	^-1	⁺⁷⁵
	github.com/stretchr/testify@v1.9.0 ⏵ v1.10.0	⁺¹

View full report

renovate · 2025-12-15T17:32:07Z

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

14 additional dependencies were updated
The go directive was updated for compatibility reasons

Details:

Package	Change
`go`	`1.19` -> `1.24.0`
`github.com/stretchr/testify`	`v1.9.0` -> `v1.10.0`
`github.com/Microsoft/go-winio`	`v0.6.1` -> `v0.6.2`
`github.com/ProtonMail/go-crypto`	`v0.0.0-20230828082145-3c4c8a2d2371` -> `v1.1.6`
`github.com/cloudflare/circl`	`v1.3.3` -> `v1.6.1`
`github.com/cyphar/filepath-securejoin`	`v0.2.4` -> `v0.4.1`
`github.com/go-git/go-billy/v5`	`v5.5.0` -> `v5.6.2`
`github.com/golang/groupcache`	`v0.0.0-20210331224755-41bb18bfe9da` -> `v0.0.0-20241129210726-2c02b8208cf8`
`github.com/pjbgf/sha1cd`	`v0.3.0` -> `v0.3.2`
`github.com/sergi/go-diff`	`v1.1.0` -> `v1.3.2-0.20230802210424-5b0b94c5c0d3`
`github.com/skeema/knownhosts`	`v1.2.1` -> `v1.3.1`
`golang.org/x/crypto`	`v0.16.0` -> `v0.45.0`
`golang.org/x/exp`	`v0.0.0-20230905200255-921286631fa9` -> `v0.0.0-20240719175910-8a7402abbf56`
`golang.org/x/net`	`v0.19.0` -> `v0.47.0`
`golang.org/x/sys`	`v0.15.0` -> `v0.38.0`

…rity]

renovate bot force-pushed the renovate/go-github.com-go-git-go-git-v5-vulnerability branch from 8e447aa to ab9c94e Compare March 3, 2025 15:13

renovate bot force-pushed the renovate/go-github.com-go-git-go-git-v5-vulnerability branch from ab9c94e to dba7b0e Compare March 11, 2025 10:15

renovate bot force-pushed the renovate/go-github.com-go-git-go-git-v5-vulnerability branch from dba7b0e to 5d11b2a Compare April 8, 2025 13:58

renovate bot force-pushed the renovate/go-github.com-go-git-go-git-v5-vulnerability branch from 5d11b2a to 5ddea61 Compare May 7, 2025 12:44

renovate bot force-pushed the renovate/go-github.com-go-git-go-git-v5-vulnerability branch from 5ddea61 to 4a0f138 Compare August 10, 2025 13:53

renovate bot force-pushed the renovate/go-github.com-go-git-go-git-v5-vulnerability branch from 4a0f138 to a8d40e0 Compare October 9, 2025 10:12

fix(deps): update module github.com/go-git/go-git/v5 to v5.16.5 [secu…

3eae8bc

…rity]

renovate bot changed the title ~~fix(deps): update module github.com/go-git/go-git/v5 to v5.13.0 [security]~~ fix(deps): update module github.com/go-git/go-git/v5 to v5.16.5 [security] Feb 10, 2026

renovate bot force-pushed the renovate/go-github.com-go-git-go-git-v5-vulnerability branch from a8d40e0 to 3eae8bc Compare February 10, 2026 01:27

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update module github.com/go-git/go-git/v5 to v5.16.5 [security]#355

fix(deps): update module github.com/go-git/go-git/v5 to v5.16.5 [security]#355
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/go-github.com-go-git-go-git-v5-vulnerability

renovate bot commented Jan 6, 2025 •

edited

Loading

Uh oh!

renovate bot commented Jan 6, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Apr 8, 2025 •

edited

Loading

Uh oh!

renovate bot commented Dec 15, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented Jan 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

Impact

Affected versions

Workarounds

Credit

Impact

Patches

Workarounds

Credit

Impact

Patches

Workarounds

Credit

Release Notes

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

Configuration

Uh oh!

renovate bot commented Jan 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

ℹ Artifact update notice

File name: go.mod

Uh oh!

socket-security bot commented Apr 8, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

renovate bot commented Dec 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

ℹ️ Artifact update notice

File name: go.mod

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented Jan 6, 2025 •

edited

Loading

renovate bot commented Jan 6, 2025 •

edited

Loading

socket-security bot commented Apr 8, 2025 •

edited

Loading

renovate bot commented Dec 15, 2025 •

edited

Loading