Open lantoli opened 3 months ago
Hello @lantoli,
thanks for reporting. It is not clear to me how to fix this, I don't know which version of goproxy
contains a fix for this.
thanks @hanshasselberg , the issue was fixed in https://github.com/elazarl/goproxy/pull/507 but it looks like they don't do releases, so you can take the latest commit in master as the version to use.
also in the link above with Snyk:
A fix was pushed into the master branch but not yet published.
Hi, we're using this Go package in MongoDB from: https://github.com/mongodb/terraform-provider-mongodbatlas/blob/master/tools/check-changelog-entry-file/main.go
We've detected a vulnerability in a dependency. Would it be possible if you update it?
Also can you please evaluate to do Github releases for this package?
More info: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMELAZARLGOPROXY-5783247
Dependency chain from our script:
Thanks a lot