a8m / envsubst

Environment variables substitution for Go
MIT License

Vulnerability with Go version with envsubst #49

Closed ryanh-orca closed 1 year ago

ryanh-orca commented 1 year ago

With this CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-27664, Go has a vulnerability in any version before 1.18.6 or 1.19.1.

With the latest release of envsubst, it's using Go version 1.17: https://github.com/a8m/envsubst/blob/v1.4.2/go.mod#L3

Is there a plan to upgrade Go version to patch this CVE?

a8m commented 1 year ago

Binaries are built with the latest Go version by default, but you can feel free to send a patch to fix the go.mod file. Thanks 🙏🏻
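The maintainer's reply turns on a distinction a defender has to check rather than assume: the `go` directive in go.mod is a language-version floor, while the toolchain that actually compiled a binary is what determines whether CVE-2022-27664 is present. The program below is an added example, not code from the envsubst project: it reads the toolchain version embedded in a compiled Go binary (the same data `go version -m` prints) via the standard `debug/buildinfo` package and compares it against the fixed releases the issue names, 1.18.6 and 1.19.1. The names `parseGoVersion`, `isPatched` and `checkBinary` are this example's own, and the treatment of release lines outside 1.18 and 1.19 (1.17 and earlier never fixed, 1.20 and later branched after the fix) is an assumption stated in the comments.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// goVersion is a parsed "goX.Y.Z" toolchain version.
type goVersion struct{ major, minor, patch int }

// parseGoVersion turns "go1.17", "go1.18.6" or "go1.19.1" into a goVersion.
// A missing patch component is treated as .0 (go1.19 is the 1.19.0 release).
// Pre-release strings such as "go1.20rc1" are rejected rather than guessed at.
func parseGoVersion(s string) (goVersion, error) {
	raw := strings.TrimPrefix(s, "go")
	parts := strings.Split(raw, ".")
	if len(parts) < 2 || len(parts) > 3 {
		return goVersion{}, fmt.Errorf("unrecognised go version %q", s)
	}
	var v goVersion
	fields := []*int{&v.major, &v.minor, &v.patch}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return goVersion{}, fmt.Errorf("unrecognised go version %q", s)
		}
		*fields[i] = n
	}
	return v, nil
}

// fixedVersions are the first releases carrying the fix for CVE-2022-27664,
// as stated in the issue: 1.18.6 on the 1.18 line and 1.19.1 on the 1.19 line.
var fixedVersions = []goVersion{{1, 18, 6}, {1, 19, 1}}

// isPatched reports whether a toolchain version includes the fix.
func isPatched(v goVersion) bool {
	if v.major != 1 {
		// Assumption: any later major version inherits the fix.
		return v.major > 1
	}
	for _, f := range fixedVersions {
		if v.minor == f.minor {
			return v.patch >= f.patch
		}
	}
	// Assumption: 1.20+ branched after the fix landed; 1.17 and earlier
	// (the version envsubst v1.4.2 declares in go.mod) never received it.
	return v.minor > 19
}

// checkBinary reads the build info embedded in a compiled Go binary and
// reports the toolchain version it was built with and whether that is patched.
func checkBinary(path string) (string, bool, error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", false, err
	}
	v, err := parseGoVersion(info.GoVersion)
	if err != nil {
		return info.GoVersion, false, err
	}
	return info.GoVersion, isPatched(v), nil
}

// Usage: go run . /path/to/envsubst [/path/to/other-binary ...]
// Exit status 1 if any binary is affected, 2 if any could not be read.
func main() {
	exit := 0
	for _, path := range os.Args[1:] {
		ver, ok, err := checkBinary(path)
		switch {
		case err != nil:
			fmt.Fprintf(os.Stderr, "%s: %v\n", path, err)
			exit = 2
		case ok:
			fmt.Printf("%s: built with %s (patched)\n", path, ver)
		default:
			fmt.Printf("%s: built with %s (affected by CVE-2022-27664)\n", path, ver)
			exit = 1
		}
	}
	os.Exit(exit)
}
```

Run it against the release binary you actually deploy rather than against go.mod: a binary built from go.mod's `go 1.17` line with a current toolchain reports that toolchain's version and passes, which is exactly the point the maintainer makes, while a binary cut with an old toolchain fails regardless of what go.mod says.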