Upgrade components to address CVEs
beltran-rubo opened this issue · 2 comments
beltran-rubo commented
There are several CVEs reported, mainly related to the Go lang version (1.15) and modules. From Trivy scanner:
- github.com/russellhaering/gosaml2 CVE-2020-7711, CVE-2020-7731, CVE-2023-26483, GHSA-6gc3-crp7-25w5
- golang.org/x/crypto CVE-2021-43565, CVE-2022-27191
- golang.org/x/net CVE-2021-44716, CVE-2022-27664, CVE-2022-41723, CVE-2022-41717, GHSA-vvpx-j8f3-3w6h
- golang.org/x/sys CVE-2022-29526
- golang.org/x/text CVE-2021-38561, CVE-2022-32149
I'm using the latest released version 4d8a3b39fe485a5f83c70617d594be01130c5b83 v1.0.1.
Do you plan to update those components for new releases?
github-actions commented
This issue has been automatically marked as stale because it has not had activity in 1 year. It will be closed in 7 days if no further activity occurs. Thanks!