Skip to content

fix(security): bump goldmark to v1.8.4 to resolve XSS (GO-2026-5320) #1586

Merged
ramya18101 merged 1 commit into
mainfrom
security/goldmark-vulnerability
Jul 13, 2026
Merged

fix(security): bump goldmark to v1.8.4 to resolve XSS (GO-2026-5320) #1586
ramya18101 merged 1 commit into
mainfrom
security/goldmark-vulnerability

Conversation

@ramya18101

@ramya18101 ramya18101 commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

🔧 Changes

Resolves GO-2026-5320 — a Cross-site Scripting (XSS) vulnerability ingithub.com/yuin/goldmark, flagged by govulncheck as reachable.

Vulnerability: GO-2026-5320 — https://pkg.go.dev/vuln/GO-2026-5320
Module: github.com/yuin/goldmark
Found in: v1.7.13 (transitive dep via charmbracelet/glamour)
Fixed in: v1.7.17 → bumped to v1.8.4 (latest stable)

📝 Checklist

  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)

@ramya18101 ramya18101 marked this pull request as ready for review July 13, 2026 05:07
@ramya18101 ramya18101 requested a review from a team as a code owner July 13, 2026 05:07
@ramya18101 ramya18101 enabled auto-merge (squash) July 13, 2026 05:13
@ramya18101 ramya18101 merged commit ca8c331 into main Jul 13, 2026
6 checks passed
@ramya18101 ramya18101 deleted the security/goldmark-vulnerability branch July 13, 2026 05:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants