Skip to content

Wiz: Upgrade multiple dependencies (resolves 47 findings) #46

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wiz-betterup wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Wiz: Upgrade multiple dependencies (resolves 47 findings) #46

wiz-betterup wants to merge 4 commits into from

Conversation

@wiz-betterup
Copy link

@wiz-betterup wiz-betterup bot commented Dec 13, 2025

Wiz Remediation Pull Request Banner

Wiz has created this PR to fix 47 findings detected in this project

Changes were made to the following file(s):

  • /docs/requirements.txt
  • /go.mod
  • /ui-test/package.json
  • /ui/package.json

Vulnerabilities:

Component Findings Locations
axios
0.21.4 → 107.0.2		 High CVE-2025-58754
High CVE-2025-27152
Medium CVE-2023-45857		 /ui-test/package.json
chromedriver
94.0.0 → 119.0.1		 High CVE-2023-26156 /ui-test/package.json
esbuild
0.18.20 → 4.19.3		 Medium GHSA-67mh-4wv8-2f99 /ui/package.json
github.com/Azure/azure-sdk-for-go/sdk/az-
identity
1.1.0 → 1.6.0-beta.4.0.20240610221955-50774cd97099		 Medium CVE-2024-35255 /go.mod
github.com/argoproj/gitops-engine
0.7.1-0.20230809134534-ed7c77a9290b → 0.7.1-0.20250129155113-4c6e03c463141		 Medium GHSA-274v-mgcv-cm8j /go.mod
github.com/cloudflare/circl
1.3.3 → 1.6.1		 High GHSA-9763-4f94-gfch
Low CVE-2025-8556		 /go.mod
github.com/go-git/go-git/v5
5.8.1 → 5.13.0		 Critical CVE-2023-49569
Critical CVE-2025-21613
High CVE-2023-49568
High CVE-2025-21614		 /go.mod
github.com/go-jose/go-jose/v3
3.0.1 → 3.0.4		 Medium CVE-2025-27144
Medium CVE-2024-28180		 /go.mod
github.com/golang-jwt/jwt/v4
4.5.0 → 4.5.2		 High CVE-2025-30204
Low CVE-2024-51744		 /go.mod
github.com/golang/glog
1.1.2 → 1.2.4		 High CVE-2024-45339 /go.mod
github.com/hashicorp/go-retryablehttp
0.7.4 → 0.7.7		 Medium CVE-2024-6104 /go.mod
golang.org/x/crypto
0.16.0 → 0.45.0		 Critical CVE-2024-45337
High CVE-2025-22869
Medium CVE-2023-48795
Medium CVE-2025-47914
Medium CVE-2025-58181		 /go.mod
golang.org/x/net
0.19.0 → 0.38.0		 High CVE-2023-45288
Medium CVE-2025-22872
Medium CVE-2025-22870		 /go.mod
golang.org/x/oauth2
0.13.0 → 0.27.0		 High CVE-2025-22868 /go.mod
google.golang.org/protobuf
1.31.0 → 1.33.0		 High CVE-2024-24786 /go.mod
jinja2
3.0.3 → 3.1.6		 Medium CVE-2024-56326
Medium CVE-2024-34064
Medium CVE-2025-27516
Medium CVE-2024-56201
Medium CVE-2024-22195		 /docs/requirements.txt
js-yaml
3.14.1 → 3.14.2		 Medium CVE-2025-64718 /ui/package.json
k8s.io/kubernetes
1.24.15 → 1.31.12		 High CVE-2023-3676
High CVE-2023-3955
High CVE-2024-10220
High CVE-2024-0793
High CVE-2023-5528
Medium CVE-2024-5321
Medium CVE-2025-0426
Medium CVE-2025-5187
Low CVE-2021-25743
Low CVE-2024-3177		 /go.mod
mkdocs-material
7.1.8 → 9.5.5		 High CVE-2021-40978
High CVE-2023-50447		 /docs/requirements.txt

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Wiz-auto-remediation Wiz-remediation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant