You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When installing yq 4.23.1 I've noticed that the binary has been built using go1.17.7 and therefore is vulnerable to CVE-2022-24921, even though 8cb2422 had bumped the go version to 1.18 before 4.23.1 was released.
Version of yq: 4.23.1
Operating system: mac and linux
Installed via: release page
Describe the bug
When installing yq 4.23.1 I've noticed that the binary has been built using go1.17.7 and therefore is vulnerable to CVE-2022-24921, even though 8cb2422 had bumped the go version to 1.18 before 4.23.1 was released.
Version of yq: 4.23.1
Operating system: mac and linux
Installed via: release page
I have tested this on https://github.com/mikefarah/yq/releases/download/v4.23.1/yq_darwin_amd64 , https://github.com/mikefarah/yq/releases/download/v4.23.1/yq_linux_amd64 and https://github.com/mikefarah/yq/releases/download/v4.23.1/yq_linux_s390x
The text was updated successfully, but these errors were encountered: