
falcoctl/0.10.0-r1: cve remediation

Open octo-sts[bot] opened this issue 1 year ago • 1 comments

falcoctl/0.10.0-r1: fix GHSA-4f8r-qqr9-fq8j

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/falcoctl.advisories.yaml

octo-sts[bot], Oct 10 '24 08:10

Open AI suggestions to solve the build error:

The error in the log indicates a problem with the Go module versioning:

- The module `github.com/theupdateframework/go-tuf` is being imported with an incorrect path. The correct path should include `/v2` for version 2.
- To resolve this, update your import paths in the code to `github.com/theupdateframework/go-tuf/v2`.
- Modify your `go.mod` file to use the correct module path: `require github.com/theupdateframework/go-tuf/v2 v2.0.1`.
- Finally, run the command `go get github.com/theupdateframework/go-tuf/v2@v2.0.1` to update the dependency correctly.

octo-sts[bot], Oct 10 '24 08:10

After some debugging, looks like this is going to require changes from upstream to work with the new version of go-tuf. Creating an advisory instead: https://github.com/wolfi-dev/advisories/pull/8775

hbh7, Oct 28 '24 17:10
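The module-path mismatch described in the build-error suggestions above can be caught before a dependency bump is attempted. The following is an added example, not code from this issue or from falcoctl: it flags `go.mod` requirements whose version is v2 or later but whose path lacks the matching `/vN` suffix. The `go.mod` content is constructed and `CheckMajorSuffix` is a hypothetical helper name.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed go.mod for illustration; only the go-tuf path and version come from the thread.
const sampleGoMod = `module example.com/constructed
go 1.22
require (
	github.com/theupdateframework/go-tuf v2.0.1
	github.com/theupdateframework/go-tuf/v2 v2.0.1
	example.com/legacy v3.1.0+incompatible
	example.com/stable v1.4.2 // indirect
)
`

// Matches "path vMAJOR.MINOR.PATCH[suffix]", with or without a leading "require".
var requireLine = regexp.MustCompile(`^(?:require\s+)?(\S+)\s+v(\d+)\.\d+\.\d+(\S*)`)

// CheckMajorSuffix returns one finding per requirement whose version is v2+
// but whose module path does not end in the matching /vN suffix.
func CheckMajorSuffix(goMod string) []string {
	var findings []string
	for _, line := range strings.Split(goMod, "\n") {
		m := requireLine.FindStringSubmatch(strings.TrimSpace(line))
		if m == nil {
			continue
		}
		path, major, rest := m[1], m[2], m[3]
		// v0/v1 need no suffix; +incompatible and gopkg.in follow other rules.
		if major == "0" || major == "1" || strings.Contains(rest, "+incompatible") || strings.HasPrefix(path, "gopkg.in/") {
			continue
		}
		if want := "/v" + major; !strings.HasSuffix(path, want) {
			findings = append(findings, fmt.Sprintf("%s: v%s requires module path %s%s", path, major, path, want))
		}
	}
	return findings
}

func main() {
	for _, f := range CheckMajorSuffix(sampleGoMod) {
		fmt.Println(f)
	}
}
```

This check covers `go.mod` only; import statements in the source must use the same suffixed path.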