x/website, x/pkgsite, x/build/cmd/relui, vscode-go, x/telemetry: vulnerability GHSA-3xgq-45jj-v275/CVE-2024-21538 in cross-spawn dependency version 7.0.3 #71118

Open
@pcreager23

Go version

1.23.4

Output of go env in your module/workspace:

N/A - Container-based (docker image) scan.

What did you do?

Anchore scans run periodically.

What did you see happen?

Vulnerability scanners (such as Anchore) are detecting GHSA-3xgq-45jj-v275/CVE-2024-21538 in cross-spawn 7.0.3. That dependency needs to be upgraded to 7.0.5 or higher. Thank you.

Note: This was reported as Issue 71114, but that was closed with not planned. It is not a duplicate according to issue search, so asking for an explanation.

What did you expect to see?

Clean scan results.
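
A scanner finding like the one reported above names the package and version but not which dependency pulls it in. The following is an added example, not code from the issue or from the Go project: it walks the `packages` map of a parsed `package-lock.json` (lockfileVersion 2 or 3 assumed) and lists every installed copy of cross-spawn below 7.0.5, the threshold stated in the issue. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: find cross-spawn copies below the fixed version in a parsed
// package-lock.json. Names and sample data here are hypothetical.
const FIXED = [7, 0, 5]; // minimum version named in the issue text

// Parse the leading "x.y.z" of a version string; null if it has none.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a sorts strictly before version b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Returns [{ path, version }] for each installed copy of `name` below `fixed`.
// Entries whose version cannot be parsed are reported too, for manual review.
function findOutdated(lock, name = "cross-spawn", fixed = FIXED) {
  const marker = "node_modules/";
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/b"; compare the last segment
    // exactly so that look-alike names are not matched.
    const idx = path.lastIndexOf(marker);
    if (idx === -1 || path.slice(idx + marker.length) !== name) continue;
    const ver = parseVersion(meta.version);
    if (ver === null || isBelow(ver, fixed)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile, not taken from any repository named in the issue.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/cross-spawn": { version: "7.0.6" },
    "node_modules/execa/node_modules/cross-spawn": { version: "7.0.3" },
    "node_modules/cross-spawn-async": { version: "2.2.5" },
  },
};

console.log(findOutdated(sampleLock));
```

The nested path in the result shows which parent package carries the outdated copy, which is where the upgrade or an npm `overrides` entry has to be applied.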

Labels

NeedsInvestigation (Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.)
Security
pkgsite
website