Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade golang.org/x/text to 0.3.7 #60

Closed
wants to merge 1 commit into from
Closed

Upgrade golang.org/x/text to 0.3.7 #60

wants to merge 1 commit into from

Conversation

wgfm
Copy link

@wgfm wgfm commented Oct 4, 2022
edited

The old version, 0.3.0, is vulnerable to CVE-2020-14040: https://nvd.nist.gov/vuln/detail/CVE-2020-14040

Resolves #51

@dosullivan557
Copy link

Are we able to merge this?
I am being affected by CVE-2020-14040.

@wgfm
Copy link
Author

wgfm commented Dec 8, 2022

It doesn't look like Scuttle is actively maintained at the moment. I don't have write permissions to this repository, so unfortunately I can't merge.

@linjmeyer
Copy link

Hey all, I'm not with Redbox anymore and I don't have access to help you out here. I don't think this is being maintained by anyone.

I am working on a replacement to Scuttle, same idea just a better way to handle configuration/extendability. I think it should be open sourced this week or next, I can post it here if you guys are interested. Unfortunately I think the only other option is to fork this. @wgfm @dosullivan557

@linjmeyer linjmeyer mentioned this pull request Dec 8, 2022
Closed
@dosullivan557
Copy link

Hey @linjmeyer - that sounds great - if you could share once ready, that would be great!

@dosullivan557
Copy link

@linjmeyer any update on the new version?

@kvij
Copy link

kvij commented Mar 28, 2023

I'm maintaining a fork that has everything updated: https://github.com/kvij/scuttle
@linjmeyer let me know if you are looking for someone to collaborate on your new project or would like to help maintain my fork in the mean time.

This was referenced Mar 28, 2023
Closed
Open
Open
Open
@linjmeyer
Copy link

I don't have any updates sadly, we have a new tool internally where I work currently but open sourcing it seems unlikely at this point. I think using a maintained fork is your best bet. Thanks @kvij for forking it and updating!

@wgfm
Copy link
Author

wgfm commented Apr 21, 2023

I'm going to close this PR, as it is never going be merged. Also, I have moved companies and I have no stake in this anymore.

@wgfm wgfm closed this Apr 21, 2023
@wgfm wgfm deleted the wh/upgrade-x-text branch April 21, 2023 14:10
@kvij kvij mentioned this pull request Oct 24, 2023
Closed
@linjmeyer
Copy link

Sorry all this took so long, but we have opened sourced an alternative to scuttle here at The Aspen Group: https://github.com/tag-oss/rescuttle

Same idea, but it is a bit more flexible and easier to configure. Feel free to check it out!

@kvij kvij mentioned this pull request Dec 16, 2023
Open
audacioustux added a commit to audacioustux/k6-operator that referenced this pull request Mar 30, 2024
@audacioustux
use arm64 supported kvij/scuttle instead of redboxoss/scuttle redboxl…
01161eb 
…lc/scuttle#60 (comment)
yorugac pushed a commit to grafana/k6-operator that referenced this pull request Apr 1, 2024
@audacioustux
Add arm64 support (#380)
1441c17 
* use arm64 supported curlimages/curl instead of busyboxplus:curl

* use arm64 supported kvij/scuttle instead of redboxoss/scuttle redboxllc/scuttle#60 (comment)

* remove  explicit GOARCH=amd64

* build arm64 image with qemu, update workflow versions in push.yml

* revert pushing worktree for branch working_arm64 by mistake

* fix starter dockerfile

* revert to buildx version 0.9.1

* keep USER 65532:65532
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update to x/text 0.3.3
4 participants
@wgfm @dosullivan557 @linjmeyer @kvij