Go modules · proxy.golang.org

github.com/palantir/conjure

Remote Payload: matched "curl "

Why PkgRadar flagged v0.0.0-20260528032442-70d0fffdfcd3

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · github.com/palantir/[email protected]/gradle/gradle-jdks-functions.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260615011356-3da00966673d`	Low risk	0	2026-06-16
`v0.0.0-20260614165508-bdbaacad5c89`	Low risk	0	2026-06-16
`v0.0.0-20260614045744-a0c24ec37341`	Low risk	0	2026-06-15
`v0.0.0-20260613213844-69dfa43fc7b7`	Low risk	0	2026-06-14
`v0.0.0-20260612193427-8c9380518826`	Low risk	0	2026-06-13
`v0.0.0-20260611202934-f957f611ab99`	Low risk	0	2026-06-13
`v0.0.0-20260610140846-f46781f192cc`	Low risk	0	2026-06-11
`v0.0.0-20260610002450-f100bff6d9a7`	Low risk	0	2026-06-11
`v0.0.0-20260529235246-dc840c388d02`	Low risk	0	2026-05-31
`v0.0.0-20260528032442-70d0fffdfcd3`	Review	12	2026-05-29

Block this in CI

PkgRadar gates github.com/palantir/conjure (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/palantir/[email protected]