Security Vulnerability Upgrading golang.org/x/text #287

Merged
merged 2 commits into from Aug 5, 2022


ybocalandro
Contributor

Request to update the golang.org/x/text library (prior to v0.3.6) to the non-vulnerable version v0.3.7.

CVE-2020-14040
CVE-2021-38561

@ybocalandro
Contributor Author

Hello @KaylaNguyen, I'm a new collaborator to this repo and I would like to get some traction on this request, to solve an indirect dependency. If you are not the best point of contact, can you please point me in the right direction? Thanks

@KaylaNguyen
Collaborator

Thanks for the PR! @jinglundong is the POC for this repo now. Jinglun, can you take a look? Thanks!

@jinglundong
Collaborator

Thanks for looping me in, Kayla. This repo is the source of truth. I will review and release this hopefully this week.

@ybocalandro
Contributor Author

Hello @jinglundong, thanks for reviewing this PR. Please note that I had an issue with my GPG key, which I just fixed, but it is causing this PR to be re-approved. Sorry for any inconvenience. Also, when do you estimate this change will be released? Thanks

@jinglundong
Collaborator

No worries. I approved the workflow that runs the tests. Let's see how it goes.

@ybocalandro
Contributor Author

Hello @jinglundong, do you have an estimate of when this change will be released? Thanks

jinglundong merged commit d981f2f into golang:master Aug 5, 2022

@jinglundong
Collaborator

I created a new release (with tag v2.0.2). Based on my reading of our playbook, that's all we need to release it. Please change the entry in go.mod to require google.golang.org/appengine/v2 v2.0.2 and let us know if it's patched properly. Thanks!
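
One way to run the "patched properly" check asked for in the last comment, as an added example that is not part of the thread or the appengine project's code: it reads `go list -m all` output and tests the selected golang.org/x/text version against v0.3.7. The function names and the sample build list are assumptions made for the illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

const targetModule, minFixed = "golang.org/x/text", "v0.3.7" // both from the PR description
// core parses "vX.Y.Z[-pre][+meta]"; pre is true for pre-release and pseudo-versions.
func core(v string) (n [3]int, pre bool, err error) {
	s := strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(s, "-+"); i >= 0 {
		pre, s = s[i] == '-', s[:i]
	}
	_, err = fmt.Sscanf(s, "%d.%d.%d", &n[0], &n[1], &n[2])
	return n, pre, err
}

// Patched scans `go list -m all` output; it returns whether targetModule is >= minFixed and the version found.
func Patched(buildList string) (bool, string, error) {
	sc := bufio.NewScanner(strings.NewReader(buildList))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 2 || f[0] != targetModule {
			continue
		}
		ver := f[1]
		if len(f) == 5 && f[2] == "=>" { // replaced: the right-hand version is what gets built
			ver = f[4]
		}
		got, pre, err := core(ver)
		if err != nil {
			return false, ver, err
		}
		want, _, _ := core(minFixed)
		for i := range got {
			if got[i] != want[i] {
				return got[i] > want[i], ver, nil
			}
		}
		return !pre, ver, nil // a pseudo-version of v0.3.7 itself sorts below the tag
	}
	return true, "", nil // module not in the build list
}

func main() {
	// Constructed build list, not taken from the PR.
	fmt.Println(Patched("example.com/app\ngoogle.golang.org/appengine/v2 v2.0.2\ngolang.org/x/text v0.3.7\n"))
}
```

Feed it the real build list with `go list -m all` from the module that depends on appengine; a `go.mod` line alone only states a minimum, not the version that is finally selected.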
