Closed realize096 closed 8 months ago
Thank you, but we shouldn't just upgrade one indirect package, superseded by https://github.com/khuedoan/homelab/commit/9df8fea61521a2b53fd51117d971d72f4682a230
(Synced terratest fork, then run go get -u all
)
What happened?
There are 1 security vulnerabilities found in golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e
What did I do?
Upgrade golang.org/x/sys from v0.0.0-20220517195934-5e4e11fc645e to 0.1.0 for vulnerability fix
What did you expect to happen?
Ideally, no insecure libs should be used.
How can we automate the detection of these types of issues?
By using the GitHub Actions configurations provided by murphysec, we can conduct automatic code security checks in our CI pipeline.
The specification of the pull request
PR Specification from OSCS