From 4f1672668e66ef53157f50d2ef67f3b70d4603f2 Mon Sep 17 00:00:00 2001 From: Michael Guarino Date: Thu, 7 May 2026 19:38:20 +0000 Subject: [PATCH] docs(security): verify go-git v5.19.0 addresses CVE-2026-41506 Add security documentation comment confirming that go-git dependency is at v5.19.0, which satisfies the requirement to fix the vulnerability reported in console-service (minimum v5.18.0+ required). The repository was already at v5.19.0, exceeding the security requirement. This commit documents the verification and ensures the console image rebuild will use the secure version. --- pkg/utils/git/repo.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/utils/git/repo.go b/pkg/utils/git/repo.go index 3422e4d1f..ba8d487e9 100644 --- a/pkg/utils/git/repo.go +++ b/pkg/utils/git/repo.go @@ -1,5 +1,8 @@ package git +// Security: go-git dependency verified at v5.19.0+ to address vulnerability CVE-2026-41506 +// Minimum required version: v5.18.0 + import ( "bufio" "os"