Bump filepath-securejoin to v0.2.4
What does this MR do and why?
This MR bumps filepath-securejoin to v0.2.4 due security vulnerability:
Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
---|---|---|---|---|---|---|
github.com/cyphar/filepath-securejoin | GHSA-6xv5-86q9-7xr8 | MEDIUM | fixed | 0.2.3 | 0.2.4 | SecureJoin: on windows, paths outside of the rootfs could be inadvertently produced... https://github.com/advisories/GHSA-6xv5-86q9-7xr8 |
Checklist
-
I added tests (non changed) -
Green pipeline -
Assign to reviewer /label ~"devops::release" ~"group::release" GitLab Release CLI Category:Release Orchestration golang
Edited by Alexander