Skip to content

code-server: add patch to bump qs to v6.14.1 #77087

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bentasker merged 1 commit into from
Jan 5, 2026
Merged

code-server: add patch to bump qs to v6.14.1 #77087

bentasker merged 1 commit into from
Jan 5, 2026
+28 −1

Conversation

@brianmcarey
Copy link
Member

@brianmcarey brianmcarey commented Jan 2, 2026

qs v6.14.1 remediates CVE-2025-15284

@brianmcarey
code-server: add patch to bump qs to v6.14.1
9254737 
qs v6.14.1 remediates CVE-2025-15284

Signed-off-by: Brian Carey <brian.carey@chainguard.dev>
@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Jan 2, 2026
@brianmcarey brianmcarey requested a review from a team January 2, 2026 16:28
@brianmcarey brianmcarey self-assigned this Jan 2, 2026
@brianmcarey
Copy link
Member Author

brianmcarey commented Jan 2, 2026

There is an issue with bumping the version of the code-server package - #76293 (comment) - in the meantime to fix GHSA-6rw7-vpxm-498p lets add this patch to the current version.

@bentasker bentasker merged commit 3283532 into wolfi-dev:main Jan 5, 2026
15 of 17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bentasker bentasker bentasker approved these changes

Assignees

@brianmcarey brianmcarey

Labels

bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@brianmcarey @bentasker