
Trivy security scan found problem with golang text library #280

@Jasstkn

Trivy security scan found a problem with the golang text library v0.3.2:

root/.local/share/helm/plugins/helm-diff/bin/diff
=================================================
Total: 1 (HIGH: 1, CRITICAL: 0)

+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|      LIBRARY      | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| golang.org/x/text | CVE-2020-14040   | HIGH     | v0.3.2            | v0.3.3        | golang.org/x/text: possibility        |
|                   |                  |          |                   |               | to trigger an infinite loop in        |
|                   |                  |          |                   |               | encoding/unicode could lead to...     |
|                   |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-14040 |
+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+

tmp/helm-diff/diff/bin/diff
===========================
Total: 1 (HIGH: 1, CRITICAL: 0)

+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|      LIBRARY      | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| golang.org/x/text | CVE-2020-14040   | HIGH     | v0.3.2            | v0.3.3        | golang.org/x/text: possibility        |
|                   |                  |          |                   |               | to trigger an infinite loop in        |
|                   |                  |          |                   |               | encoding/unicode could lead to...     |
|                   |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-14040 |
+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+

Is it possible to update this library?
