build(deps): Bump github.com/kubescape/storage from 0.0.185 to 0.2.0 #2719
dependabot[bot] wants to merge 1 commit into
Kusari Analysis Results:

Caution: Flagged Issues Detected

While the code analysis returned a clean result with zero vulnerabilities or secrets detected, the dependency analysis identified a critical blocking issue that must be resolved first. A high-severity container escape vulnerability (CVE-2025-52881) exists in the transitive dependency github.com/opencontainers/selinux v1.12.0, introduced via the chain: github.com/ossf/scorecard/v4 -> github.com/moby/buildkit -> github.com/opencontainers/selinux. This vulnerability allows an attacker to exploit arbitrary write gadgets and procfs write redirects in runc, potentially enabling full container breakout by misdirecting writes to dangerous files such as /proc/sysrq-trigger or /proc/sys/kernel/core_pattern. The CVSS impact scores are critically high across all vectors (VC:H/VI:H/VA:H/SC:H/SI:H/SA:H), representing a severe business risk for any containerized workload.

The clean code analysis does not mitigate or invalidate this dependency risk, as the two analyses are independent. A fix path is available: update github.com/ossf/scorecard/v4 to its latest patched version and run go mod tidy to resolve the transitive dependency. This PR should not be merged until the vulnerable dependency is remediated.

Note: View full detailed analysis result for more information on the output and the checks that were run.

Required Dependency Mitigations
This pull request has been automatically marked as stale because it has not had recent activity (60 days of inactivity).
@dependabot rebase

32eb074 to 1b297bf

Kusari PR Analysis rerun based on - 1b297bf performed at: 2025-09-06T16:55:27Z - link to updated analysis
@dependabot rebase

1b297bf to 6c672d3

Kusari PR Analysis rerun based on - 6c672d3 performed at: 2025-09-17T16:15:34Z - link to updated analysis
@dependabot rebase

6c672d3 to 0878402

Kusari PR Analysis rerun based on - 0878402 performed at: 2025-09-17T23:43:50Z - link to updated analysis
@dependabot rebase

0878402 to 1ffc2d4
@dependabot rebase

1ffc2d4 to 134ced5
@dependabot recreate

134ced5 to c7ac47d
@dependabot rebase

c7ac47d to 88fb746
@dependabot recreate

88fb746 to 228a6f0
@dependabot recreate

228a6f0 to 4b1868f
@dependabot rebase

4b1868f to 29dbc49
@dependabot recreate

29dbc49 to 00218b2
@dependabot recreate

00218b2 to 6296b42

Kusari PR Analysis rerun based on - 6296b42 performed at: 2026-02-27T15:21:08Z - link to updated analysis
@dependabot recreate

6296b42 to 47c156a

Kusari PR Analysis rerun based on - 47c156a performed at: 2026-02-27T15:29:51Z - link to updated analysis
@dependabot recreate

47c156a to 3bc6b0c

@dependabot recreate
Bumps [github.com/kubescape/storage](https://github.com/kubescape/storage) from 0.0.166 to 0.2.0.
- [Release notes](https://github.com/kubescape/storage/releases)
- [Commits](https://github.com/kubescape/storage/commits)

---
updated-dependencies:
- dependency-name: github.com/kubescape/storage
  dependency-version: 0.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
3bc6b0c to c44b5b7

Kusari PR Analysis rerun based on - c44b5b7 performed at: 2026-04-01T14:40:21Z - link to updated analysis
kubescape 0.2.0 has some changes where the functions have been renamed. So this requires some manual work for the upgrade. I'll raise another PR for this.
Bumps github.com/kubescape/storage from 0.0.185 to 0.2.0.
Release notes
Sourced from github.com/kubescape/storage's releases.
... (truncated)
Commits