Skip to content

Bump plexus-utils from 4.0.2 to 4.0.3#957

Merged
rishabh6788 merged 1 commit into
opensearch-project:2.19from
shreyah963:cve-fix
Jul 1, 2026
Merged

Bump plexus-utils from 4.0.2 to 4.0.3#957
rishabh6788 merged 1 commit into
opensearch-project:2.19from
shreyah963:cve-fix

Conversation

@shreyah963

Copy link
Copy Markdown
Contributor

Description

Fix CVE-2025-67030: bump plexus-utils from 4.0.2 to 4.0.3

Related Issues

Resolves #[Issue number to be closed when this PR is merged]

Check List

  • New functionality includes testing.
  • New functionality has been documented.
  • API changes companion pull request created.
  • Commits are signed per the DCO using --signoff.
  • Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

plexus-utils >=4.0.0 <4.0.3 is vulnerable per GHSA-6fmv-xxpf-w3cw.

Signed-off-by: shreyah963 <shreyab963@gmail.com>
@rishabh6788 rishabh6788 merged commit 376b4f2 into opensearch-project:2.19 Jul 1, 2026
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants