Affected by GO-2026-4407
and 4 other vulnerabilities
GO-2026-4407: melange QEMU runner could write files outside workspace directory in chainguard.dev/melange
GO-2026-4408: melange pipeline working-directory could allow command injection in chainguard.dev/melange
GO-2026-4409: melange has a path traversal in license-path which allows reading files outside workspace in chainguard.dev/melange
GO-2026-4412: melange affected by potential host command execution via license-check YAML mode patch pipeline in chainguard.dev/melange
GO-2026-4588: `melange update-cache` has unbounded HTTP download that can exhaust disk in CI in chainguard.dev/melange
package
Version:
v0.33.1
Opens a new window with list of versions in this module.
Published: Nov 12, 2025
License: Apache-2.0
Opens a new window with license information.
Imports: 16
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
Documentation
¶
New returns a renovator which fetches cache dependencies.
type CacheConfig struct {
CacheDir string
}
CacheConfig contains the configuration data for a bump
renovator.
Option sets a config option on a CacheConfig.
WithCacheDir sets the desired target directory for cache
artifacts to be fetched to.
Source Files
¶
Click to show internal directories.
Click to hide internal directories.