This repository was archived by the owner on Jan 24, 2026. It is now read-only.

chore(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 #36

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/go_modules/github.com/sigstore/rekor-1.5.0

chore(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0

3546c89
Kusari Inspector / Kusari Inspector succeeded Jan 22, 2026 in 1m 15s

Security Analysis Passed

No security issues found

Kusari Inspector

Kusari Analysis Results:

Proceed with these changes

✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.

Both security analyses confirm this PR is safe to merge. The dependency update from rekor v1.4.3 to v1.5.0 actively improves security by fixing 2 moderate severity vulnerabilities (nil pointer dereference GHSA-273p-m2cw-6833 and SSRF GHSA-4c4x-jm2x-pf9j) with no known vulnerabilities in the new version. Code analysis found zero security issues across all scans - no exposed secrets, workflow issues, or module vulnerabilities. Minor concerns about indirect dependencies lacking code review processes pose no immediate threat as they have no active CVEs and use permissive licenses. This is a net security improvement with no breaking changes and should be merged.

Note

View full detailed analysis result for more information on the output and the checks that were run.


@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: 3546c89, performed at: 2026-01-22T18:51:24Z