search

cli / go-gh

A Go module for interacting with gh and the GitHub API from the command line.
https://pkg.go.dev/github.com/cli/go-gh/v2
MIT License
322 stars 45 forks source link

CVE Vulnerability CVE-2023-3978 in dependency #135

Closed luzemail closed 8 months ago

luzemail commented 9 months ago

In go.mod i see this dependency golang.org/x/net v0.7.0 // indirect

this version is affected by CVE-2023-3978

I believe that updating golang.org/x/text v0.7.0 should solve this

samcoe commented 9 months ago

@luzemail Thanks for opening this, I am working to resolve it for our next release 👍