Go Cryptography vulnerabilities detected by AWS Inspector

[davexunit]

My company uses AWS Inspector to scan the container images we use in our CI environment and we are seeing a number of vulnerabilities in the latest version (0.10.3) of the Code Climate test reporter:

• https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTO-2825234
• https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9283.html
• https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29652.html

All three are for the Go Crypto library: https://pkg.go.dev/golang.org/x/crypto

[davexunit]

I can see that the issue was fixed with the merging of #497 but what is the timeline for this fix making into, say, the binary download available via https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 ?

[camillof]

It should be available once #500 goes in. I would say today/tomorrow.

[davexunit]

Okay, thank you!

[camillof]

Hey @davexunit , version 0.10.4 is out! Sorry for the delay, we had some incidents last week that took our full capacity