Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update x/text to 0.3.8 #1571

Merged
merged 1 commit into from Nov 8, 2022
Merged

Update x/text to 0.3.8 #1571

merged 1 commit into from Nov 8, 2022

Commits on Nov 8, 2022

  1. Update x/text to 0.3.8 

    This fixes a vulnerability in 0.3.7. Also remove unnecessary indirect
dependency on the parent module.

┌───────────────────┬─────────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────┐
│      Library      │    Vulnerability    │ Severity │ Installed Version │ Fixed Version │                          Title                           │
├───────────────────┼─────────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤
│ golang.org/x/text │ CVE-2022-32149      │ HIGH     │ 0.3.7             │ 0.3.8         │ golang: golang.org/x/text/language: ParseAcceptLanguage  │
│                   │                     │          │                   │               │ takes a long time to parse complex tags                  │
│                   │                     │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-32149               │
│                   ├─────────────────────┼──────────┤                   │               ├──────────────────────────────────────────────────────────┤
│                   │ GHSA-69ch-w2m2-3vjp │ UNKNOWN  │                   │               │ An attacker may cause a denial of service by crafting an │
│                   │                     │          │                   │               │ Accept-Language...                                       │
│                   │                     │          │                   │               │ GHSA-69ch-w2m2-3vjp        │
└───────────────────┴─────────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────┘
    @dirkmueller
    dirkmueller committed Nov 8, 2022
    Copy the full SHA
    2ec39a1 View commit details
    Browse the repository at this point in the history