Affected by GO-2025-3815 and 5 other vulnerabilities

GO-2025-3815: melange's world-writable permissions expose SBOM files to potential image tampering in chainguard.dev/melange

GO-2026-4407: melange QEMU runner could write files outside workspace directory in chainguard.dev/melange

GO-2026-4408: melange pipeline working-directory could allow command injection in chainguard.dev/melange

GO-2026-4409: melange has a path traversal in license-path which allows reading files outside workspace in chainguard.dev/melange

GO-2026-4412: melange affected by potential host command execution via license-check YAML mode patch pipeline in chainguard.dev/melange

GO-2026-4588: `melange update-cache` has unbounded HTTP download that can exhaust disk in CI in chainguard.dev/melange

relmon

package

v0.29.0 Latest Latest Go to latest Published: Jul 3, 2025 License: Apache-2.0 Imports: 8 Imported by: 0

Details

This section is empty.

This section is empty.

This section is empty.

type Item struct {
	Ecosystem string `json:"ecosystem"`
	Homepage  string `json:"homepage"`
	ID        int    `json:"id"`
}

type Items struct {
	Items []Item `json:"items"`
}

type MonitorFinder struct {
	Client *rlhttp.RLHTTPClient
}

func NewMonitorFinder() *MonitorFinder

func (mf *MonitorFinder) FindMonitor(ctx context.Context, pkg string) (*Item, error)