Open gugacavalieri opened 1 year ago
This issue seems to be down to the binary - that's currently being distributed - as using Go 1.15.15 which has some known issues:
# Via https://stackoverflow.com/a/18991157
% go version test-reporter-latest-linux-amd64
test-reporter-latest-linux-amd64: go1.15.15
As you mention, recompiling with a newer version of the Go toolchain will resolve this issue.
Reopening #496
Hi guys. Not sure if the binaries are actually being updated with the latest builds. This CVE is still showing for me.
Steps to reproduce it:
install codeclimate reporter
RUN wget --quiet https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 -O /usr/local/bin/cc-test-reporter \
    && chmod +x /usr/local/bin/cc-test-reporter
It comes back with the crypto CVEs that were supposedly patched:

However, when I built the binary from my machine and copied it over to the Docker image it reported no CVEs. So I wonder if the binaries are being updated on CodeClimate's website.
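
A build-time gate built on the `go version <binary>` check quoted in this thread, as an added example that is not part of the original issue or CodeClimate's own code: it fails when a downloaded Go binary was compiled with a toolchain older than a minimum you choose. The function names and the minimum version passed in are assumptions; the thread does not name a fixed release.

```shell
# Added example: refuse a downloaded Go binary built with an old toolchain.
# Function names are hypothetical; the minimum version is caller policy.

# Extract "1.15.15" from a `go version FILE` line such as
# "test-reporter-latest-linux-amd64: go1.15.15".
parse_go_version() {
  printf '%s\n' "$1" | sed -n 's/^.*: go\([0-9][0-9.]*\).*$/\1/p'
}

# Succeed when version $1 is strictly older than $2.
# Fields are compared numerically, so 1.9 < 1.15, and a missing
# patch field counts as 0 (1.20 equals 1.20.0).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# Evaluate one `go version FILE` output line against a minimum version.
# Returns 0 = acceptable, 1 = too old, 2 = version could not be read.
check_version_line() {
  found=$(parse_go_version "$1")
  if [ -z "$found" ]; then
    echo "cannot determine Go toolchain from: $1" >&2
    return 2
  fi
  if version_lt "$found" "$2"; then
    echo "FAIL: built with go$found, policy requires >= go$2" >&2
    return 1
  fi
  echo "OK: built with go$found"
}

# Run the check against a file on disk (requires the go tool on PATH).
# Example: check_go_binary /usr/local/bin/cc-test-reporter "$MIN_GO"
check_go_binary() {
  line=$(go version "$1") || return 2
  check_version_line "$line" "$2"
}
```

Calling `check_go_binary` right after the `wget` step makes the image build stop when the published binary has not been rebuilt, instead of surfacing later in a scanner report.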