From 2ec39a1882ff2ce0107a62c49417770d7cca7762 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dirk=20M=C3=BCller?=
Date: Tue, 8 Nov 2022 14:14:24 +0100
Subject: [PATCH] Update x/text to 0.3.8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This fixes a vulnerability in 0.3.7. Also remove unnecessary indirect dependency on the parent module.
┌───────────────────┬─────────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├───────────────────┼─────────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤
│ golang.org/x/text │ CVE-2022-32149 │ HIGH │ 0.3.7 │ 0.3.8 │ golang: golang.org/x/text/language: ParseAcceptLanguage │
│ │ │ │ │ │ takes a long time to parse complex tags │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-32149 │
│ ├─────────────────────┼──────────┤ │ ├──────────────────────────────────────────────────────────┤
│ │ GHSA-69ch-w2m2-3vjp │ UNKNOWN │ │ │ An attacker may cause a denial of service by crafting an │
│ │ │ │ │ │ Accept-Language... │
│ │ │ │ │ │ https://github.com/advisories/GHSA-69ch-w2m2-3vjp │
└───────────────────┴─────────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────┘
---
 cmd/urfave-cli-genflags/go.mod | 2 +-
 cmd/urfave-cli-genflags/go.sum | 4 ++--
 go.mod | 5 +----
 go.sum | 2 --
 4 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/cmd/urfave-cli-genflags/go.mod b/cmd/urfave-cli-genflags/go.mod
index af40aaa1bf..a97baf87db 100644
--- a/cmd/urfave-cli-genflags/go.mod
+++ b/cmd/urfave-cli-genflags/go.mod
@@ -4,7 +4,7 @@ go 1.18

 require (
 github.com/urfave/cli/v2 v2.11.2
- golang.org/x/text v0.3.7
+ golang.org/x/text v0.3.8
 gopkg.in/yaml.v3 v3.0.1
 )
diff --git a/cmd/urfave-cli-genflags/go.sum b/cmd/urfave-cli-genflags/go.sum
index e59916dc6f..dce7f4d11b 100644
--- a/cmd/urfave-cli-genflags/go.sum
+++ b/cmd/urfave-cli-genflags/go.sum
@@ -6,8 +6,8 @@ github.com/urfave/cli/v2 v2.11.2 h1:FVfNg4m3vbjbBpLYxW//WjxUoHvJ9TlppXcqY9Q9ZfA=
 github.com/urfave/cli/v2 v2.11.2/go.mod h1:f8iq5LtQ/bLxafbdBSLPPNsgaW0l/2fYYEHhAyPlwvo=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
diff --git a/go.mod b/go.mod
index 09ef1477d8..7fa4542cbc 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,4 @@ require (
 gopkg.in/yaml.v3 v3.0.1
 )

-require (
- github.com/russross/blackfriday/v2 v2.1.0 // indirect
- golang.org/x/text v0.3.7 // indirect
-)
+require github.com/russross/blackfriday/v2 v2.1.0 // indirect
diff --git a/go.sum b/go.sum
index 96058c71de..0756e415ce 100644
--- a/go.sum
+++ b/go.sum
@@ -6,8 +6,6 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=