doc(flux-source-controller): Add pending-upstream-fix event for GHSA-f83f-xpx7-ffpw (#27867)

Signed-off-by: Ankush Pathak <ankush.pathak@chainguard.dev>

Author: Ankush-Pathak

flux-source-controller.advisories.yaml

@@ -1001,6 +1001,10 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/source-controller
             scanner: grype
+      - timestamp: 2025-12-11T09:01:54Z
+        type: pending-upstream-fix
+        data:
+          note: Remediating this vulnerability requires upgrading github.com/sigstore/fulcio to 1.8.3. github.com/sigstore/fulcio is a transitive dependency and attempting to upgrade results in build failures.
 
   - id: CGA-w436-9442-r362
     aliases: