Skip to content

security: vulnerability remediation#301

Open
kernel-internal[bot] wants to merge 1 commit into
mainfrom
security/vuln-remediation
Open

security: vulnerability remediation#301
kernel-internal[bot] wants to merge 1 commit into
mainfrom
security/vuln-remediation

Conversation

@kernel-internal

@kernel-internal kernel-internal Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Vulnerability Remediation

This PR was generated by the Socket-centric vulnerability remediation workflow. Review the planned dependency changes and confirmation evidence before merging.

Fixed

CVE/GHSA Package Ecosystem Old Version New Version Manifest Confirmation
GHSA-6v7q-wjvx-w8wg basic-ftp, puppeteer-core None 24.37.5 5.3.1 confirmed

Not Included

  • Deferred by batch limit: 5 advisories. They will be considered by future runs.
  • Other deferred scanner findings: 3.
  • Unconfirmed attempted fixes: 0.
Deferred details
CVE/GHSA Package Reason
Unavailable from detector google.golang.org/grpc Non-CVE alert is not handled by dependency remediation.
Unavailable from detector golang.org/x/crypto Missing CVE/GHSA identifier required for Socket fix planning.
Unavailable from detector puppeteer-core Non-CVE alert is not handled by dependency remediation.

@kernel-internal kernel-internal Bot force-pushed the security/vuln-remediation branch from 2096490 to 5613fc7 Compare July 8, 2026 04:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant