{"affected":[{"ecosystem_specific":{"binaries":[{"gh":"2.53.0-bp155.2.12.1","gh-bash-completion":"2.53.0-bp155.2.12.1","gh-fish-completion":"2.53.0-bp155.2.12.1","gh-zsh-completion":"2.53.0-bp155.2.12.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"gh","purl":"pkg:rpm/suse/gh&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.53.0-bp155.2.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"gh":"2.53.0-bp155.2.12.1","gh-bash-completion":"2.53.0-bp155.2.12.1","gh-fish-completion":"2.53.0-bp155.2.12.1","gh-zsh-completion":"2.53.0-bp155.2.12.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"gh","purl":"pkg:rpm/opensuse/gh&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.53.0-bp155.2.12.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for gh fixes the following issues:\n\nUpdate to version 2.53.0:\n\n* CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write sensitive information to log file (boo#1227035)\n\n* Disable `TestGetTrustedRoot/successfully_verifies_TUF_root` test due to https://github.com/cli/cli/issues/8928\n* Rename package directory and files\n* Rename package name to `update_branch`\n* Rename `gh pr update` to `gh pr update-branch`\n* Add test case for merge conflict error\n* Handle merge conflict error\n* Return error if PR is not mergeable\n* Replace literals with consts for `Mergeable` field values\n* Add separate type for `PullRequest.Mergeable` field\n* Remove unused flag\n* Print message on stdout instead of stderr\n* Raise error if editor is used in non-tty mode\n* Add tests for JSON field support on issue and pr view commands\n* docs: Update documentation for `gh repo create` to clarify owner\n* Ensure PR does not panic when stateReason is requested\n* Add `createdAt` field to tests\n* Add `createdAt` field to `Variable` type\n* Add test for exporting as JSON\n* Add test for JSON output\n* Only populate selected repo information for JSON output\n* Add test to verify JSON exporter gets set\n* Add `--json` option support\n* Use `Variable` type defined in `shared` package\n* Add tests for JSON output\n* Move `Variable` type and `PopulateSelectedRepositoryInformation` func to shared\n* Fix query parameter name\n* Update tests to account for ref comparison step\n* Improve query variable names\n* Check if PR branch is already up-to-date\n* Add `ComparePullRequestBaseBranchWith` function\n* Run `go mod tidy`\n* Add test to verify `--repo` requires non-empty selector\n* Require non-empty selector when `--repo` override is used\n* Run `go mod tidy`\n* Register `update` command\n* Add tests for `pr update` command\n* Add `pr update` command\n* Add `UpdatePullRequestBranch` method\n* Upgrade `shurcooL/githubv4`\n\nUpdate to version 2.52.0:\n\n* Attestation Verification - Buffer Fix\n* Remove beta note from attestation top level command\n* Removed beta note from `gh at download`.\n* Removed beta note from `gh at verify`, clarified reusable workflows use case.\n* add `-a` flag to `gh run list`\n","id":"openSUSE-SU-2024:0227-1","modified":"2024-07-27T04:01:36Z","published":"2024-07-27T04:01:36Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G2COZIDAEHXSE2NGBIJOMDBA64FCPZOP/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227035"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6104"}],"related":["CVE-2024-6104"],"summary":"Security update for gh","upstream":["CVE-2024-6104"]}