Open divVerent opened 7 months ago
Projects using go-licenses as a build dependency now always get a security warning:
https://github.com/divVerent/aaaaxy/security/dependabot/7
It appears to be a real RCE that also is exploitable through its use by go-licenses.
This can be fixed only by this module upgrading from gopkg.in/src-d/go-git.v4 to github.com/go-git/go-git/v5.
Can you do that?
This actually seems to already be fixed by 9a41918e8c1e254f6472bdd8454b6030d445b255 - so all that's required is a new release of go-licenses.