chore: bump zoekt submodule to upgrade go-git to v5.19.1 (CVE-2026-45571) #1290

Merged: brendan-kellam merged 2 commits into main from cursor/cve/go-git on Jun 9, 2026

@brendan-kellam brendan-kellam commented Jun 9, 2026

Contributor

Fixes SOU-1170

Advances the vendor/zoekt submodule to sourcebot-dev/zoekt#15 (25669533d1f49a), which upgrades go-git from v5.19.0 to v5.19.1 in the bundled zoekt search backend.

That release patches CVE-2026-45571 (crafted repositories may modify .git directories), the sourcebot-tracked advisory for this issue. go-git lives in zoekt's go.mod, so the fix had to land upstream first; this PR just moves the submodule pointer to the merged commit.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated vendor dependencies to include the latest available revisions.

Advances the vendor/zoekt submodule to sourcebot-dev/zoekt#15, which upgrades
go-git v5.19.0 -> v5.19.1 (CVE-2026-45570, CVE-2026-45571, GHSA-w5pp-99ch-qj29).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

coderabbitai Bot commented Jun 9, 2026

Contributor

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ca5d8adf-c293-493c-8355-ee30e03a5f9e

📥 Commits

Reviewing files that changed from the base of the PR and between 8baaf71 and 9363aac.

📒 Files selected for processing (1)
  • vendor/zoekt

Walkthrough

This PR updates the vendor/zoekt submodule pointer to reference a new upstream commit revision, changing the vendored zoekt code included in the repository.

Changes

Zoekt submodule upgrade

| Layer / File(s) | Summary |
|---|---|
| Zoekt submodule pointer update (vendor/zoekt) | The vendor/zoekt submodule commit reference is updated to a new revision. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes


github-actions Bot commented Jun 9, 2026

Contributor

@brendan-kellam your pull request is missing a changelog!

@brendan-kellam brendan-kellam merged commit d02f61c into main Jun 9, 2026
6 of 7 checks passed
@brendan-kellam brendan-kellam deleted the cursor/cve/go-git branch June 9, 2026 00:42
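
A check that the submodule bump described in this PR took effect, as an added example that is not part of the PR or of the sourcebot or zoekt code: it reads zoekt's go.mod and fails unless the go-git requirement is at least v5.19.1. The path vendor/zoekt/go.mod is assumed from the PR text, and `RequiredVersion` and `AtLeast` are names made up for this example.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// RequiredVersion returns the version go.mod text requires for mod, reading
// only require directives (single-line or block), not replace or exclude.
func RequiredVersion(gomod, mod string) (string, bool) {
	block := ""
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.SplitN(line, "//", 2)[0])
		switch {
		case len(f) > 0 && (f[0] == ")" || f[len(f)-1] == "("):
			block = f[0] // directive block being entered; ")" leaves it
		case len(f) == 3 && f[0] == "require" && f[1] == mod:
			return f[2], true
		case len(f) == 2 && block == "require" && f[0] == mod:
			return f[1], true
		}
	}
	return "", false
}

// AtLeast reports whether v >= want (vMAJOR.MINOR.PATCH). A pre-release or
// pseudo-version with the same core as want counts as older than want.
func AtLeast(v, want string) bool {
	var a, b [3]int
	fmt.Sscanf(v, "v%d.%d.%d", &a[0], &a[1], &a[2])
	fmt.Sscanf(want, "v%d.%d.%d", &b[0], &b[1], &b[2])
	for i := range a {
		if a[i] != b[i] {
			return a[i] > b[i]
		}
	}
	return !strings.Contains(v, "-")
}

func main() {
	path := "vendor/zoekt/go.mod" // assumed location of zoekt's go.mod in the submodule
	data, err := os.ReadFile(path)
	v, ok := RequiredVersion(string(data), "github.com/go-git/go-git/v5")
	if err != nil || !ok || !AtLeast(v, "v5.19.1") {
		fmt.Printf("FAIL: %s: go-git %q, want >= v5.19.1 (read error: %v)\n", path, v, err)
		os.Exit(1)
	}
	fmt.Printf("OK: %s requires go-git %s\n", path, v)
}
```

A replace directive in go.mod can still override the required version; this check does not inspect replace directives.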