Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependencies vulnerable to CVE-2022-27664 #1691

Closed
huberts90 opened this issue Sep 14, 2022 · 2 comments · Fixed by #1692
Closed

Dependencies vulnerable to CVE-2022-27664 #1691

huberts90 opened this issue Sep 14, 2022 · 2 comments · Fixed by #1692
Assignees
@codyoss
Labels
priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@huberts90
Copy link

Environment details

  • Programming language: Go
  • OS: any
  • Language runtime version: any
  • Package v0.95.0 (latest)

Steps to reproduce

  1. Look into https://github.com/googleapis/google-api-go-client/blob/main/go.mod
  2. See the golang.org/x/net in version v0.0.0-20220624214902-1bab6f366d9e is vulnerable according to GO-2022-0969.
@huberts90 huberts90 added priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Sep 14, 2022
@codyoss
Copy link
Member

codyoss commented Sep 14, 2022

Thanks for the report I will take a look. For future reference please take a look at https://github.com/googleapis/google-api-go-client/blob/main/SECURITY.md for how to report issues like this.

codyoss added a commit to codyoss/google-api-go-client that referenced this issue Sep 14, 2022
@codyoss
fix: upgrade version of golang.org/x/net
1dfb630 
Fixes: googleapis#1691
@codyoss codyoss mentioned this issue Sep 14, 2022
Merged
codyoss added a commit that referenced this issue Sep 14, 2022
@codyoss
fix: upgrade version of golang.org/x/net (#1692)
0f7c1ed 
Fixes: #1691
@release-please release-please bot mentioned this issue Sep 14, 2022
Merged
@huberts90
Copy link
Author

Thank you, I will remember!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@codyoss codyoss

Labels
priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: upgrade version of golang.org/x/net codyoss/google-api-go-client
2 participants
@codyoss @huberts90