Skip to content

Comments

Wiz: Upgrade multiple dependencies (resolves 49 findings)#73

Open
wiz-betterup[bot] wants to merge 4 commits intomasterfrom
wiz-auto-remediation-cd0e1dac1e1523c6
Open

Wiz: Upgrade multiple dependencies (resolves 49 findings)#73
wiz-betterup[bot] wants to merge 4 commits intomasterfrom
wiz-auto-remediation-cd0e1dac1e1523c6

Conversation

@wiz-betterup
Copy link

@wiz-betterup wiz-betterup bot commented Feb 21, 2026

Wiz Remediation Pull Request Banner

Wiz has created this PR to fix 49 findings detected in this project

Changes were made to the following file(s):

  • docs/requirements.txt
  • go.mod
  • ui-test/package.json
  • ui/package.json

Vulnerabilities:

Component Findings Locations
axios
0.21.4 → 107.0.2		 High CVE-2025-27152
Medium CVE-2023-45857		 /ui-test/package.json
chromedriver
94.0.0 → 119.0.1		 High CVE-2023-26156 /ui-test/package.json
esbuild
0.18.20 → 4.19.3		 Medium GHSA-67mh-4wv8-2f99 /ui/package.json
github.com/Azure/azure-sdk-for-go/sdk/az-
identity
1.1.0 → 1.6.0-beta.4.0.20240610221955-50774cd97099		 Medium CVE-2024-35255 /go.mod
github.com/argoproj/gitops-engine
0.7.1-0.20230809134534-ed7c77a9290b → 0.7.1-0.20250129155113-4c6e03c463141		 Medium CVE-2025-23216 /go.mod
github.com/cloudflare/circl
1.3.3 → 1.6.1		 High GHSA-9763-4f94-gfch
Low CVE-2025-8556		 /go.mod
github.com/go-git/go-git/v5
5.8.1 → 5.16.5		 Critical CVE-2023-49569
Critical CVE-2025-21613
High CVE-2023-49568
High CVE-2025-21614
Medium CVE-2026-25934		 /go.mod
github.com/go-jose/go-jose/v3
3.0.1 → 3.0.4		 Medium CVE-2025-27144
Medium CVE-2024-28180		 /go.mod
github.com/golang-jwt/jwt/v4
4.5.0 → 4.5.2		 High CVE-2025-30204
Low CVE-2024-51744		 /go.mod
github.com/golang/glog
1.1.2 → 1.2.4		 High CVE-2024-45339 /go.mod
github.com/hashicorp/go-retryablehttp
0.7.4 → 0.7.7		 Medium CVE-2024-6104 /go.mod
golang.org/x/crypto
0.16.0 → 0.45.0		 Critical CVE-2024-45337
High CVE-2025-47913
High CVE-2025-22869
Medium CVE-2023-48795
Medium CVE-2025-47914
Medium CVE-2025-58181		 /go.mod
golang.org/x/net
0.19.0 → 0.38.0		 High CVE-2023-45288
Medium CVE-2025-22872
Medium CVE-2025-22870		 /go.mod
golang.org/x/oauth2
0.13.0 → 0.27.0		 High CVE-2025-22868 /go.mod
google.golang.org/protobuf
1.31.0 → 1.33.0		 High CVE-2024-24786 /go.mod
jinja2
3.0.3 → 3.1.6		 Medium CVE-2024-56326
Medium CVE-2024-34064
Medium CVE-2025-27516
Medium CVE-2024-56201
Medium CVE-2024-22195		 /docs/requirements.txt
k8s.io/kubernetes
1.24.15 → 1.32.10		 High CVE-2023-3676
High CVE-2023-3955
High CVE-2024-10220
High CVE-2024-0793
High CVE-2023-5528
Medium CVE-2024-5321
Medium CVE-2025-13281
Medium CVE-2025-0426
Medium CVE-2025-5187
Low CVE-2021-25743
Low CVE-2024-3177		 /go.mod
minimatch
3.1.2 → 10.2.1		 High CVE-2026-26996 /ui/package.json
mkdocs-material
7.1.8 → 9.5.5		 High CVE-2021-40978
High CVE-2023-50447		 /docs/requirements.txt

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

@wiz-betterup
Copy link
Author

wiz-betterup bot commented Feb 21, 2026

⚠️ Lock file update issue

Please update the lock file manually before merging this PR.

ui/yarn.lock 
Unsupported package manager version

ui-test/yarn.lock 
Unsupported package manager version

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Wiz-auto-remediation Wiz-remediation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants