fix(sec): upgrade golang.org/x/sys to 0.1.0 - Githubissues

khuedoan / homelab

Fully automated homelab from empty disk to running services with a single command.

https://homelab.khuedoan.com

GNU General Public License v3.0

7.9k stars 705 forks source link

fix(sec): upgrade golang.org/x/sys to 0.1.0 #121

Closed realize096 closed 8 months ago

realize096 commented 9 months ago

What happened？

There are 1 security vulnerabilities found in golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e

CVE-2022-29526

What did I do？

Upgrade golang.org/x/sys from v0.0.0-20220517195934-5e4e11fc645e to 0.1.0 for vulnerability fix

What did you expect to happen？

Ideally, no insecure libs should be used.

How can we automate the detection of these types of issues?

By using the GitHub Actions configurations provided by murphysec, we can conduct automatic code security checks in our CI pipeline.

The specification of the pull request

PR Specification from OSCS

khuedoan commented 8 months ago

Thank you, but we shouldn't just upgrade one indirect package, superseded by https://github.com/khuedoan/homelab/commit/9df8fea61521a2b53fd51117d971d72f4682a230

(Synced terratest fork, then run go get -u all)