CVE-2023-39325 - (High) detected in golang.org/x/net-v0.14.0

onsi / gomega

Ginkgo's Preferred Matcher Library

http://onsi.github.io/gomega/

MIT License

2.15k stars 282 forks source link

CVE-2023-39325 - (High) detected in golang.org/x/net-v0.14.0 #707

Closed shalomyasap closed 10 months ago

shalomyasap commented 10 months ago

https://github.com/advisories/GHSA-4374-p667-p6c8 - High Severity Vulnerability

onsi commented 10 months ago

hey there - we don't have a formal SLA for updating security vulnerabilities. I'll take a look at this ASAP but please consider sponsoring (or asking your employer to sponsor) if you or your organization are using Ginkgo/Gomega in a mission-critical context.

onsi commented 10 months ago

This is now fixed in the latest release

shalomyasap commented 10 months ago

Thank you very much!!