building burn with newer golang.org/x/text versions (>=v0.4.0)
golang.org/x/text@v0.3.X has some security-related issues. we want burn to avoid using these versions.
govulncheck -show verbose ./...
Scanning your code and 174 packages across 20 dependent modules for known vulnerabilities...
=== Symbol Results ===
No vulnerabilities found.
=== Package Results ===
Vulnerability #1: GO-2022-0493
Incorrect privilege reporting in syscall and golang.org/x/sys/unix
More info: https://pkg.go.dev/vuln/GO-2022-0493
Module: golang.org/x/sys
Found in: golang.org/x/sys@v0.0.0-20190624142023-c5567b49c5d0
Fixed in: golang.org/x/sys@v0.0.0-20220412211240-33da011f77ad
Vulnerability #2: GO-2020-0015
Infinite loop when decoding some inputs in golang.org/x/text
More info: https://pkg.go.dev/vuln/GO-2020-0015
Module: golang.org/x/text
Found in: golang.org/x/text@v0.3.2
Fixed in: golang.org/x/text@v0.3.3
=== Module Results ===
Vulnerability #1: GO-2022-1059
Denial of service via crafted Accept-Language header in
golang.org/x/text/language
More info: https://pkg.go.dev/vuln/GO-2022-1059
Module: golang.org/x/text
Found in: golang.org/x/text@v0.3.2
Fixed in: golang.org/x/text@v0.3.8
Vulnerability #2: GO-2021-0113
Out-of-bounds read in golang.org/x/text/language
More info: https://pkg.go.dev/vuln/GO-2021-0113
Module: golang.org/x/text
Found in: golang.org/x/text@v0.3.2
Fixed in: golang.org/x/text@v0.3.7
Your code is affected by 0 vulnerabilities.
This scan also found 2 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
building
burn
with newergolang.org/x/text
versions (>=v0.4.0
)golang.org/x/text@v0.3.X
has some security-related issues. we wantburn
to avoid using these versions.Description
Related Issue
Motivation and Context
How Has This Been Tested?
Screenshots
Checklist: