search

playwright-community / playwright-go

Playwright for Go a browser automation library to control Chromium, Firefox and WebKit with a single API.
https://playwright-community.github.io/playwright-go/
MIT License
1.94k stars 144 forks source link

Jose library has security Vulnurability, can this be upgraded to latest version. #445

Closed InduprasadSR closed 3 months ago

InduprasadSR commented 3 months ago

https://github.com/playwright-community/playwright-go/blob/main/go.mod#L7

go-jose has some High-security vulnerability, can this be upgraded to higher version?

image

https://nvd.nist.gov/vuln/detail/CVE-2020-29652

canstand commented 3 months ago

Only the json encoding and decoding function is used, so it is not affected. Don't worry.

Of course, the dependencies will be upgraded next time the version is released.

Will eventually switch to official encoding/json/v2 after it is available.

InduprasadSR commented 3 months ago

Thanks for addressing, waiting for the next release.