Use Go pseudo-version for GHSA-fhh2-gg7w-gwpq#7784
Conversation
|
👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the |
|
Rechecked on 2026-07-01: |
|
Review note: rechecked this head on 2026-07-07. The PR head JSON validates against the OSV schema, and go list resolves github.com/0xJacky/nginx-ui@f61bcec547c0f305e35348d6440ef156c1d5c3cb to v1.9.10-0.20260315015203-f61bcec547c0 with origin hash f61bcec547c0f305e35348d6440ef156c1d5c3cb. That matches the proposed fixed pseudo-version after dropping the leading v; the advisory alias, severity, package name, and references remain consistent. |
|
Closing this because upstream/main now already contains the fixed Go pseudo-version |
Updates the Nginx-UI Go affected range to the commit-resolved pseudo-version and adds the upstream fix commit reference. The backup manifest/integrity fix is 0xJacky/nginx-ui@f61bcec, and
go list -m -json github.com/0xJacky/nginx-ui@f61bcec547c0resolves it tov1.9.10-0.20260315015203-f61bcec547c0.