search

darkrockmountain / gomail

GoMail is a powerful library for sending emails via multiple providers, including SMTP, Gmail API, Microsoft Graph API, SendGrid, AWS SES, Mailgun, Mandrill, Postmark, and SparkPost. Supporting attachments, plain text, and HTML content, it simplifies email integration for developers with easy setup and robust functionalities.
https://darkrockmountain.com
Apache License 2.0
4 stars 1 forks source link

[BUG] - Update Go Version to 1.22.5 to Fix Vulnerability in net/http Package #47

Closed DarkRockMountain-admin closed 14 hours ago

DarkRockMountain-admin commented 1 week ago

Description

The govulncheck tool has identified a vulnerability (GO-2024-2963) in the net/http package used in our project. This issue is a denial of service due to improper 100-continue handling and is fixed in Go version 1.22.5. Our current setup uses Go version 1.22.4, which is affected by this vulnerability.

Steps to Reproduce

  1. Run govulncheck on the project.
  2. Observe the vulnerability reported for net/http in Go version 1.22.4.

Expected Behavior

No vulnerabilities should be reported by govulncheck.

Screenshots

If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

Additional Context

To resolve this issue, update the Go version used in the project to 1.22.5.

Suggested Fix

  1. Update the go.mod file:

    module github.com/DarkRockMountain/gomail

go 1.22.5

require (
    // other dependencies
)

  2. Update the GitHub Actions workflow to use Go version 1.22.5:

    - name: Setup Go
  uses: actions/setup-go@v5
  with:
    go-version: 1.22.5