jessevdk / go-flags

go command line option parser
http://godoc.org/github.com/jessevdk/go-flags
BSD 3-Clause "New" or "Revised" License
2.59k stars 308 forks

Fix CVE-2022-29526 vulnerability caused by golang.org/x/sys? #385

Open amosricky opened 2 years ago

amosricky commented 2 years ago

It seems there is a medium-level problem. The current golang.org/x/sys version in go.mod is v0.0.0-20210320140829-1e4c9ba3b0c4. This problem has already been fixed in version 0.0.0-20220412211240-33da011f77ad. Please help with this, thank you.

Potterli20 commented 2 years ago

fork https://github.com/Potterli20/go-flags-fork

sivakusayan commented 9 months ago

Running govulncheck on this library gives us the following output, so maybe this isn't a problem.

$ govulncheck ./...                                  
Scanning your code and 49 packages across 2 dependent modules for known vulnerabilities...

=== Informational ===

Found 1 vulnerability in packages that you import, but there are no
call stacks leading to the use of this vulnerability. You may not need
to take any action.
See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck for details.

Vulnerability #1: GO-2022-0493
    Incorrect privilege reporting in syscall and golang.org/x/sys/unix
  More info: https://pkg.go.dev/vuln/GO-2022-0493
  Module: golang.org/x/sys
    Found in: golang.org/x/sys@v0.0.0-20210320140829-1e4c9ba3b0c4
    Fixed in: golang.org/x/sys@v0.0.0-20220412211240-33da011f77ad

No vulnerabilities found.

Share feedback at https://go.dev/s/govulncheck-feedback.
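
An added example, not part of the issue thread or the go-flags project: a standard-library Go check that reads the golang.org/x/sys requirement from go.mod text and reports whether it is an older pseudo-version than the fixed one quoted above. The go.mod text is constructed from the versions on this page and the function names are hypothetical; the check only shows which module version is pinned, while whether the affected code is actually called is what govulncheck's call-stack analysis reports.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Fixed x/sys version for GO-2022-0493, as quoted on this page.
const fixedSys = "v0.0.0-20220412211240-33da011f77ad"

// Constructed go.mod text using the x/sys version quoted in the issue.
const sampleGoMod = "module github.com/jessevdk/go-flags\n\nrequire golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4\n"

// pseudoTime extracts the commit timestamp from a Go pseudo-version.
func pseudoTime(v string) (time.Time, error) {
	parts := strings.Split(strings.TrimSuffix(v, "+incompatible"), "-")
	if len(parts) < 3 || len(parts[len(parts)-1]) != 12 {
		return time.Time{}, fmt.Errorf("%q is not a pseudo-version", v)
	}
	ts := parts[len(parts)-2]
	ts = ts[strings.LastIndex(ts, ".")+1:] // drop "0." or "pre.0." prefixes
	return time.Parse("20060102150405", ts)
}

// pinnedVersion returns the version that the go.mod text requires for module.
func pinnedVersion(gomod, module string) (string, bool) {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && f[0] == module {
			return f[1], true
		}
	}
	return "", false
}

// predatesFix compares two pseudo-versions (assumed to share a base version).
func predatesFix(pinned, fixed string) (bool, error) {
	p, perr := pseudoTime(pinned)
	f, ferr := pseudoTime(fixed)
	if perr != nil || ferr != nil {
		return false, fmt.Errorf("cannot compare %q and %q", pinned, fixed)
	}
	return p.Before(f), nil
}

func main() {
	v, _ := pinnedVersion(sampleGoMod, "golang.org/x/sys")
	fmt.Println(predatesFix(v, fixedSys))
}
```

Tagged releases such as v0.5.0 are rejected with an error rather than compared, since they carry no timestamp.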