mirror of
https://github.com/drone/drone-kaniko.git
synced 2026-07-16 16:21:10 +08:00
9dc5b4eb4a
* fix: [CI-23227]: Vuln-Fix-Kaniko Co-authored-by: Cursor <cursoragent@cursor.com> * fix: [CI-23227]: bump vbatts/tar-split to v0.12.2 Resolves the High-severity tar-split (archive/tar) vulnerability flagged by Snyk in the kaniko-docker plugin binary. tar-split is pulled in transitively via go-containerregistry -> estargz. go mod tidy also nudged urfave/cli v1.22.15 -> v1.22.16 (benign patch). Co-authored-by: Cursor <cursoragent@cursor.com> * fix: [CI-23227]: bump golang.org/x/net to v0.55.0 Resolves CVE-2026-39821 (x/net/idna Improper Authentication, Critical) and CVE-2026-33814 (x/net/http2 Infinite loop, High) surfaced in the kaniko-acr plugin binary. Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Cursor <cursoragent@cursor.com>