The dependency golang.org/x/text v0.3.2 has a CVE issued against it #6
Comments
|
Thank you for rising it @karlmutch !
Glad to hear! Did I get it right that the resolution path is to upgrade |
|
Thanks. PR Added at #8 There appeared to be some issues in the github based testing which don't occur when I use stock go test. Should these be tagged as false positives ? Karl |
|
Indeed, I have fixed one for the CI profiles in #12 and CI build on windows needs further investigation and does not seem to be related to the changes. Thank you for the fix! |
|
Thank you for maintaining the project @bzz ❤️! I wish I could devote some time... Let's hope for the summer. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
When using the github security checking tools the golang.org/x/text v0.3.2 dependency causes an issue to be raised.
https://nvd.nist.gov/vuln/detail/CVE-2020-14040
https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXTEXTENCODINGUNICODE-609611
Thanks for this project I am finding it very useful,
Karl
The text was updated successfully, but these errors were encountered: