hubcio opened a new pull request, #3087: URL: https://github.com/apache/iggy/pull/3087
picomatch <4.0.4 allowed method injection in POSIX character classes causing incorrect glob matching (GHSA alert #160). brace-expansion <5.0.5 allowed zero-step sequences to hang the process. Also bumps testcontainers-go v0.32.0 -> v0.41.0 (and transitives: docker/docker v28.5.2, golang.org/x/crypto v0.48.0, klauspost/compress v1.18.2). Note: docker/docker alerts #169/#170 remain open - v29.3.1 does not exist yet as a Go module. These are Docker daemon AuthZ issues, not client library vulnerabilities. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
