openSUSE-SU-2024:0226-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0226-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2024:0226-1
Published
2024-07-27T04:01:34Z
Modified
2024-07-27T04:01:34Z
Summary
Security update for gh
Details

This update for gh fixes the following issues:

Update to version 2.53.0:

  • CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write sensitive information to log file (boo#1227035)

  • Disable TestGetTrustedRoot/successfully_verifies_TUF_root test due to https://github.com/cli/cli/issues/8928

  • Rename package directory and files
  • Rename package name to update_branch
  • Rename gh pr update to gh pr update-branch
  • Add test case for merge conflict error
  • Handle merge conflict error
  • Return error if PR is not mergeable
  • Replace literals with consts for Mergeable field values
  • Add separate type for PullRequest.Mergeable field
  • Remove unused flag
  • Print message on stdout instead of stderr
  • Raise error if editor is used in non-tty mode
  • Add tests for JSON field support on issue and pr view commands
  • docs: Update documentation for gh repo create to clarify owner
  • Ensure PR does not panic when stateReason is requested
  • Enable to use --web even though editor is enabled by config
  • Add editor hint message
  • Use prefer_editor_prompt config by issue create
  • Add prefer_editor_prompt config
  • Add issue create --editor
  • Update create.go
  • gh attestation trusted-root subcommand (#9206)
  • Fetch variable selected repo relationship when required
  • Add createdAt field to tests
  • Add createdAt field to Variable type
  • Add test for exporting as JSON
  • Add test for JSON output
  • Only populate selected repo information for JSON output
  • Add test to verify JSON exporter gets set
  • Add --json option support
  • Use Variable type defined in shared package
  • Add tests for JSON output
  • Move Variable type and PopulateSelectedRepositoryInformation func to shared
  • Fix query parameter name
  • Update tests to account for ref comparison step
  • Improve query variable names
  • Check if PR branch is already up-to-date
  • Add ComparePullRequestBaseBranchWith function
  • Run go mod tidy
  • Add test to verify --repo requires non-empty selector
  • Require non-empty selector when --repo override is used
  • Run go mod tidy
  • Register update command
  • Add tests for pr update command
  • Add pr update command
  • Add UpdatePullRequestBranch method
  • Upgrade shurcooL/githubv4

Update to version 2.52.0:

  • Attestation Verification - Buffer Fix
  • Remove beta note from attestation top level command
  • Removed beta note from gh at download.
  • Removed beta note from gh at verify, clarified reusable workflows use case.
  • add -a flag to gh run list
Affected packages

SUSE:Package Hub 15 SP6 / gh

Package

Name
gh
Purl
pkg:rpm/suse/gh&distro=SUSE%20Package%20Hub%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.53.0-bp156.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "gh-fish-completion": "2.53.0-bp156.2.6.1",
            "gh": "2.53.0-bp156.2.6.1",
            "gh-bash-completion": "2.53.0-bp156.2.6.1",
            "gh-zsh-completion": "2.53.0-bp156.2.6.1"
        }
    ]
}

openSUSE:Leap 15.6 / gh

Package

Name
gh
Purl
pkg:rpm/opensuse/gh&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.53.0-bp156.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "gh-fish-completion": "2.53.0-bp156.2.6.1",
            "gh": "2.53.0-bp156.2.6.1",
            "gh-bash-completion": "2.53.0-bp156.2.6.1",
            "gh-zsh-completion": "2.53.0-bp156.2.6.1"
        }
    ]
}