Skip to content

[🐸 Frogbot] Update Go dependencies#1302

Open
github-actions[bot] wants to merge 1 commit into
devfrom
frogbot-update-6f6516321b258f2fb52516251a172605-dependencies-dev
Open

[🐸 Frogbot] Update Go dependencies#1302
github-actions[bot] wants to merge 1 commit into
devfrom
frogbot-update-6f6516321b258f2fb52516251a172605-dependencies-dev

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot commented May 8, 2026
edited
Loading

🚨 This automated pull request was created by Frogbot and fixes the below:

📦 Vulnerable Dependencies

Severity ID Contextual Analysis Direct Dependencies Impacted Dependency Fixed Versions
high
High		 CVE-2026-33814 Applicable github.com/grokify/mogo:v0.74.0
github.com/jfrog/jfrog-cli-artifactory:v0.8.1-0.20260508123058-25d218a0eca9
github.com/jfrog/jfrog-cli-security:v1.29.0
golang.org/x/net:v0.52.0		 golang.org/x/net v0.52.0 [0.53.0]
high
High		 CVE-2026-44973 Not Covered github.com/go-git/go-billy/v5:v5.8.0
github.com/go-git/go-git/v5:v5.18.0
github.com/jfrog/jfrog-cli-artifactory:v0.8.1-0.20260508123058-25d218a0eca9
github.com/jfrog/jfrog-cli-core/v2:v2.60.1-0.20260504054219-ba16d20c7b0f
github.com/jfrog/jfrog-cli-security:v1.29.0		 github.com/go-git/go-billy/v5 v5.8.0 [5.9.0]
medium
Medium		 CVE-2026-45571 Not Covered github.com/go-git/go-git/v5:v5.18.0
github.com/jfrog/jfrog-cli-artifactory:v0.8.1-0.20260508123058-25d218a0eca9
github.com/jfrog/jfrog-cli-core/v2:v2.60.1-0.20260504054219-ba16d20c7b0f
github.com/jfrog/jfrog-cli-security:v1.29.0		 github.com/go-git/go-git/v5 v5.18.0 [5.19.1]

🔖 Details

[ CVE-2026-33814 ] golang.org/x/net v0.52.0

Vulnerability Details
Contextual Analysis: Applicable
Direct Dependencies: github.com/grokify/mogo:v0.74.0, github.com/jfrog/jfrog-cli-artifactory:v0.8.1-0.20260508123058-25d218a0eca9, github.com/jfrog/jfrog-cli-security:v1.29.0, golang.org/x/net:v0.52.0
Impacted Dependency: golang.org/x/net:v0.52.0
Fixed Versions: [0.53.0]
CVSS V3: 7.5

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

[ CVE-2026-44973 ] github.com/go-git/go-billy/v5 v5.8.0

Vulnerability Details
Contextual Analysis: Not Covered
Direct Dependencies: github.com/go-git/go-billy/v5:v5.8.0, github.com/go-git/go-git/v5:v5.18.0, github.com/jfrog/jfrog-cli-artifactory:v0.8.1-0.20260508123058-25d218a0eca9, github.com/jfrog/jfrog-cli-core/v2:v2.60.1-0.20260504054219-ba16d20c7b0f, github.com/jfrog/jfrog-cli-security:v1.29.0
Impacted Dependency: github.com/go-git/go-billy/v5:v5.8.0
Fixed Versions: [5.9.0]
CVSS V3: 8.1

go-billy has path traversal vulnerabilities

[ CVE-2026-45571 ] github.com/go-git/go-git/v5 v5.18.0

Vulnerability Details
Contextual Analysis: Not Covered
Direct Dependencies: github.com/go-git/go-git/v5:v5.18.0, github.com/jfrog/jfrog-cli-artifactory:v0.8.1-0.20260508123058-25d218a0eca9, github.com/jfrog/jfrog-cli-core/v2:v2.60.1-0.20260504054219-ba16d20c7b0f, github.com/jfrog/jfrog-cli-security:v1.29.0
Impacted Dependency: github.com/go-git/go-git/v5:v5.18.0
Fixed Versions: [5.19.1]
CVSS V3: 5.4

go-git: Crafted repositories may modify main and submodule .git directories

@github-actions github-actions Bot force-pushed the frogbot-update-6f6516321b258f2fb52516251a172605-dependencies-dev branch 3 times, most recently from ed23496 to 415f2db Compare May 15, 2026 01:08
@github-actions github-actions Bot force-pushed the frogbot-update-6f6516321b258f2fb52516251a172605-dependencies-dev branch from 415f2db to cff7e55 Compare May 20, 2026 01:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@JFrog-Frogbot