Skip to content

deps: Update golang.org/x/test to fix CVE-2022-32149 #209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dtan4 merged 1 commit into from
Oct 29, 2022
Merged

deps: Update golang.org/x/test to fix CVE-2022-32149 #209

dtan4 merged 1 commit into from
Oct 29, 2022

Conversation

@dtan4
Copy link
Owner

@dtan4 dtan4 commented Oct 29, 2022 

$ trivy fs .
2022-10-29T23:43:37.238+0900    INFO    Vulnerability scanning is enabled
2022-10-29T23:43:37.238+0900    INFO    Secret scanning is enabled
2022-10-29T23:43:37.238+0900    INFO    If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-10-29T23:43:37.238+0900    INFO    Please see also https://aquasecurity.github.io/trivy/v0.33/docs/secret/scanning/#recommendation for faster secret detection
2022-10-29T23:43:37.245+0900    INFO    Number of language-specific files: 1
2022-10-29T23:43:37.245+0900    INFO    Detecting gomod vulnerabilities...

go.mod (gomod)

Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

┌───────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────┐
│      Library      │ Vulnerability  │ Severity │ Installed Version │ Fixed Version │                          Title                          │
├───────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────┤
│ golang.org/x/text │ CVE-2022-32149 │ HIGH     │ 0.3.7             │ 0.3.8         │ golang: golang.org/x/text/language: ParseAcceptLanguage │
│                   │                │          │                   │               │ takes a long time to parse complex tags                 │
│                   │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-32149              │
└───────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────┘

@codecov-commenter
Copy link

codecov-commenter commented Oct 29, 2022

Codecov Report

Base: 37.64% // Head: 37.64% // No change to project coverage 👍

Coverage data is based on head (f2c4351) compared to base (fa02e74).
Patch has no changes to coverable lines.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master     #209   +/-   ##
=======================================
  Coverage   37.64%   37.64%           
=======================================
  Files          10       10           
  Lines         534      534           
=======================================
  Hits          201      201           
  Misses        315      315           
  Partials       18       18

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@dtan4 dtan4 mentioned this pull request Oct 29, 2022
Merged
@dtan4 dtan4 merged commit 5555a7e into master Oct 29, 2022
@dtan4 dtan4 deleted the CVE-2022-32149 branch October 29, 2022 14:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dtan4 @codecov-commenter