search

IBM / sarama

Sarama is a Go library for Apache Kafka.
MIT License
11.57k stars 1.76k forks source link

Update to Go 1.18 to remove CVEs #2660

Closed rosasck closed 1 year ago

rosasck commented 1 year ago

Update to go 1.18 to remove CVEs: https://nvd.nist.gov/vuln/detail/CVE-2022-29526

https://github.com/IBM/sarama/blob/e16473b64119822c6b78b8063b3332d7908bee74/go.mod#L3

Gorgonx7 commented 1 year ago

@rosasck the version of go specified in a go mod is a minimum version of go to build with, it essentially just describes the syntax that will be used in the library, the vulnerability can be fixed by building your project with a newer version of go