go 1.14 vulnerability CVE-2021-38297 #101
Labels
Comments
|
Thanks for submitting this security issue! From: https://nvd.nist.gov/vuln/detail/CVE-2021-38297
We don't build for |
|
Latest release upgrades golang: https://github.com/aptible/supercronic/releases/tag/v0.2.0 |
mwalbeck
pushed a commit
to mwalbeck/docker-flox
that referenced
this issue
Jun 21, 2022
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [aptible/supercronic](https://github.com/aptible/supercronic) | minor | `v0.1.13` -> `v0.2.0` | --- ### Release Notes <details> <summary>aptible/supercronic</summary> ### [`v0.2.0`](https://github.com/aptible/supercronic/releases/tag/v0.2.0) [Compare Source](aptible/supercronic@v0.1.13...v0.2.0) This release upgrades golang to 1.18.x in order to address theoretical CVEs: - aptible/supercronic#101 - aptible/supercronic#99 We also switched from using travis to github actions. We do not anticipate any breaking changes but with a major programming language bump we felt a patch was insufficient. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://git.walbeck.it/mwalbeck/docker-flox/pulls/508 Co-authored-by: renovate-bot <bot@walbeck.it> Co-committed-by: renovate-bot <bot@walbeck.it>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please update to go 1.17.2 which fixes this CVE.
The text was updated successfully, but these errors were encountered: