Skip to content

Use Go pseudo-version for GHSA-5465-XC2J-6P84#7837

Open
cookesan wants to merge 1 commit into
github:cookesan/advisory-improvement-7837from
cookesan:ghsa-5465-xc2j-6p84-go-version
Open

Use Go pseudo-version for GHSA-5465-XC2J-6P84#7837
cookesan wants to merge 1 commit into
github:cookesan/advisory-improvement-7837from
cookesan:ghsa-5465-xc2j-6p84-go-version

Conversation

@cookesan
Copy link
Copy Markdown

@cookesan cookesan commented May 29, 2026

Summary

Updates the Go fixed version for github.com/openshift/apiserver-library-go in GHSA-5465-XC2J-6P84 from 0.0.0-20230120221150-cefee9e0162b to 0.0.0-20230119093715-30f75d79e424.

The Go vulnerability database record for GO-2023-1549 lists github.com/openshift/apiserver-library-go as fixed in the pseudo-version v0.0.0-20230119093715-30f75d79e424. The advisory JSON stores Go versions without the leading v, so this uses the corresponding OSV version string.
https://pkg.go.dev/vuln/GO-2023-1549

Validation

  • Confirmed no open pull request in github/advisory-database currently touches this advisory file.
  • Confirmed current upstream main still has 0.0.0-20230120221150-cefee9e0162b for this fixed version.
  • Ran OSV schema validation for the updated advisory JSON.
  • Resolved github.com/openshift/apiserver-library-go@v0.0.0-20230119093715-30f75d79e424 with go list -m -json.

@github-actions github-actions Bot changed the base branch from main to cookesan/advisory-improvement-7837 May 29, 2026 04:46
@cookesan cookesan marked this pull request as ready for review May 29, 2026 04:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cookesan