Closed ajayk closed 1 month ago
We recently enabled auditable builds, and Rye was flagged for a CVE here: https://github.com/wolfi-dev/os/actions/runs/10209182098/job/28246915328
Run wolfictl scan \
🔎 Scanning "/tmp/artifacts-1/packages/x86_64/rye-0.38.0-r0.apk"
└── 📄 /usr/bin/rye
    📦 curve25519-dalek 4.1.2 (rust-crate)
        Medium GHSA-x4gp-pqpj-f43q fixed in 4.1.3
Steps to Reproduce
We recently enabled auditable builds, and Rye was flagged for a CVE here: https://github.com/wolfi-dev/os/actions/runs/10209182098/job/28246915328
Expected Result
update curve25519-dalek to 4.1.3
Actual Result
Attached scanner results above
Version Info
0.38.0
Stacktrace
No response