Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency text 0.3.6 is vulnerable #36

Open
Akaame opened this issue Feb 15, 2022 · 2 comments
Open

Dependency text 0.3.6 is vulnerable #36

Akaame opened this issue Feb 15, 2022 · 2 comments

Comments

@Akaame
Copy link

Akaame commented Feb 15, 2022

https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXTEXTINTERNALLANGUAGE-2400718

All versions of golang.org/x/text below 0.3.7 are vulnerable. Updating to a later golang.org/x/net should solve this issue for the project.

Cheers.
@srwiley
Copy link
Owner

srwiley commented Feb 17, 2022

Thank you Akaame. Is there specific action I should take, like encouraging versioning somehow? IIRC the dependency on golang.org/x/text is just to make character interpretation during xml parsing to work correctly. All input is appreciated.

@Jacalz Jacalz mentioned this issue May 31, 2022
Closed
@Jacalz
Copy link

Jacalz commented May 31, 2022

I opened a PR to update it so we can see the warning gone :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update golang.org/x/text for CVE-2021-38561, fixes #36
3 participants
@Akaame @srwiley @Jacalz