ProtonMail / gopenpgp

A high-level OpenPGP library
https://gopenpgp.org
MIT License

Suspected vulnerabilities in dependencies #279

Open bssth opened 1 month ago

bssth commented 1 month ago

Dependabot complains that some of your library dependencies have known vulnerabilities. This is about github.com/cloudflare/circl and golang.org/x/crypto.

Proposals from the bot:

...exactly the same as from the GoLand IDE. Is it possible to upgrade to versions that are considered secure?

lubux commented 1 month ago

Hi 👋 You could switch to the 2.8.0 pre-release, which bumps the versions of the dependencies.

bssth commented 1 month ago

> Hi 👋 You could switch to the 2.8.0 pre-release, which bumps the versions of the dependencies.

Hi! Kindly tell me if it is stable enough to use. Thanks for fast response!

bssth commented 1 month ago

Problem with circl gone, but I have another one:

lubux commented 1 month ago

> Hi! Kindly tell me if it is stable enough to use.

Yes, the pre-release can be used. It adds support for the OpenPGP crypto-refresh if enabled, which is not fully published yet. This is why it is still a pre-release.

> Problem with circl gone, but I have another one:

GopenPGP does not rely on the SSH features in x/crypto, so it is fine: https://github.com/golang/crypto/compare/v0.17.0...v0.23.0

bssth commented 1 month ago

> GopenPGP does not rely on the SSH features in x/crypto, so it is fine: golang/crypto@v0.17.0...v0.23.0

So it's not used, just indirect dependency of another dependency which is not used in your project?
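The question the thread ends on (is the vulnerable package actually imported, or is the module only present in go.mod because some other package of it is used?) can be answered from the package import graph rather than from the module list Dependabot looks at. The following is an added example, not code from gopenpgp or from either participant: it parses the output shape of `go list -deps -f '{{.ImportPath}} {{join .Imports " "}}' ./...` and walks the graph to find whether, and via which chain, a given root package reaches `golang.org/x/crypto/ssh`. The listing embedded below is constructed for illustration with hypothetical package names; it is not gopenpgp's real dependency graph.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// sampleDeps is a constructed stand-in for the output of
//   go list -deps -f '{{.ImportPath}} {{join .Imports " "}}' ./...
// One package per line: the package's import path, then the packages it imports.
// Package names are hypothetical. Two roots are included: example.com/app only
// uses argon2/sha3 from x/crypto, while example.com/cmd/admin pulls in x/crypto/ssh.
const sampleDeps = `example.com/app example.com/app/internal/pgp
example.com/app/internal/pgp github.com/vendor/pgplib
github.com/vendor/pgplib golang.org/x/crypto/argon2 golang.org/x/crypto/sha3
example.com/cmd/admin github.com/vendor/tool
github.com/vendor/tool github.com/vendor/tool/remote
github.com/vendor/tool/remote golang.org/x/crypto/ssh
golang.org/x/crypto/argon2 golang.org/x/crypto/blake2b
golang.org/x/crypto/blake2b
golang.org/x/crypto/sha3
golang.org/x/crypto/ssh golang.org/x/crypto/curve25519
golang.org/x/crypto/curve25519
`

// parseDeps turns the listing into an adjacency map: package -> imported packages.
func parseDeps(listing string) map[string][]string {
	graph := map[string][]string{}
	sc := bufio.NewScanner(strings.NewReader(listing))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) == 0 {
			continue
		}
		graph[fields[0]] = append(graph[fields[0]], fields[1:]...)
	}
	return graph
}

// importPath does a breadth-first search from `from` and returns the shortest
// import chain ending at `to`, or nil when `to` is not reachable at all.
func importPath(graph map[string][]string, from, to string) []string {
	prev := map[string]string{from: ""}
	queue := []string{from}
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		if cur == to {
			var path []string
			for p := cur; p != ""; p = prev[p] {
				path = append([]string{p}, path...)
			}
			return path
		}
		for _, next := range graph[cur] {
			if _, seen := prev[next]; !seen {
				prev[next] = cur
				queue = append(queue, next)
			}
		}
	}
	return nil
}

// reachableUnder lists every package with the given import-path prefix that
// `from` transitively imports, sorted. This shows which parts of a module
// (e.g. golang.org/x/crypto/) a binary actually links, as opposed to the whole
// module a vulnerability scanner flags.
func reachableUnder(graph map[string][]string, from, prefix string) []string {
	seen := map[string]bool{from: true}
	queue := []string{from}
	var out []string
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		if cur != from && strings.HasPrefix(cur, prefix) {
			out = append(out, cur)
		}
		for _, next := range graph[cur] {
			if !seen[next] {
				seen[next] = true
				queue = append(queue, next)
			}
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	graph := parseDeps(sampleDeps)
	const vuln = "golang.org/x/crypto/ssh"
	for _, root := range []string{"example.com/app", "example.com/cmd/admin"} {
		fmt.Printf("%s imports from x/crypto: %v\n", root, reachableUnder(graph, root, "golang.org/x/crypto/"))
		if chain := importPath(graph, root, vuln); chain != nil {
			fmt.Printf("  %s reaches %s via %s\n", root, vuln, strings.Join(chain, " -> "))
		} else {
			fmt.Printf("  %s does not import %s\n", root, vuln)
		}
	}
}
```

On a real module, run the `go list -deps` command above and feed its output to `parseDeps`; `go mod why -m golang.org/x/crypto` answers the same question at module level. This package-level walk is an approximation: `govulncheck ./...` goes one step further and checks whether the specific vulnerable symbols are reachable from your code, which is the check to rely on before dismissing a Dependabot finding as an unused indirect dependency.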