lerkolabs/uptop
1
1
Fork 0
Code Issues 17 Pull Requests Actions Packages Projects 2 Releases 4 Wiki Activity
Files
023234f4c398e4d42f0ef42faf9661232e25816c
uptop/.grype.yaml
T
lerko d1ab842283 ci: harden release pipeline and pin tooling 
Un-neuter grype CVE gate (was || echo, now fails on critical).
Add .grype.yaml with ignore for CVE-2026-41589 (wish SCP —
unreachable, we only import wish/bubbletea).

Pin: grype v0.114.0, git-cliff v2.13.1, govulncheck v1.1.4.
Tag `latest` only on tag push, not workflow_dispatch.
Build path ./cmd/uptop (survives a main.go split).
Add dist/ and uptop to .dockerignore.
2026-06-11 13:03:53 -04:00

7 lines
333 B
YAML
Raw Blame History

ignore:
# CVE-2026-41589: SCP path traversal in charmbracelet/wish.
# We only import wish/bubbletea for the SSH TUI server — the vulnerable
# scp.Middleware / scp.NewFileSystemHandler symbols are never compiled in.
# No fix available for wish v1; v2 (charm.land/wish/v2) patched in 2.0.1.
- vulnerability: CVE-2026-41589
Reference in New Issue View Git Blame Copy Permalink