psanford / wormhole-william

End-to-end encrypted file transfer. A magic wormhole CLI and API in Go (golang).
MIT License

Update transitive gin-gonic/gin, fixes #64 #74

Closed Jacalz closed 2 years ago

Jacalz commented 2 years ago

There doesn't seem to be much movement upstream on this. Let's update our transitive dependency in the meantime.

Fixes #64

psanford commented 2 years ago

I don't see much point in doing this. This is a test only dependency used by one of our dependencies. We don't link to gin at all. We are not vulnerable to CVE-2020-28483.
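The distinction drawn in the comment above, as an added example that is not code from the project or from either commenter: a module can be required somewhere in the module graph, which is enough for a manifest-based alert, without any of its packages being compiled into the build. The `go mod graph` output and the linked-module set below are constructed, and the `example.com/...` module names are placeholders (`example.com/flagged` stands in for the flagged module), not the project's real dependency tree.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed `go mod graph` output ("requirer required" per line); placeholder modules.
const modGraph = `example.com/app example.com/dep@v1.2.0
example.com/dep@v1.2.0 example.com/testutil@v0.1.0
example.com/testutil@v0.1.0 example.com/flagged@v1.6.0`

// Constructed: modules whose packages `go list -deps ./...` reports, i.e. what gets compiled.
var linked = map[string]bool{"example.com/app": true, "example.com/dep": true}

// parseGraph turns the edge list into adjacency lists keyed by module path (version dropped).
func parseGraph(out string) map[string][]string {
	edges := map[string][]string{}
	for _, ln := range strings.Split(out, "\n") {
		if f := strings.Fields(ln); len(f) == 2 {
			from, to := strings.SplitN(f[0], "@", 2)[0], strings.SplitN(f[1], "@", 2)[0]
			edges[from] = append(edges[from], to)
		}
	}
	return edges
}

// pathTo returns one requirement chain from cur to target, or nil if target is unreachable.
func pathTo(edges map[string][]string, cur, target string, seen map[string]bool) []string {
	if cur == target {
		return []string{cur}
	}
	seen[cur] = true
	for _, next := range edges[cur] {
		if !seen[next] {
			if rest := pathTo(edges, next, target, seen); rest != nil {
				return append([]string{cur}, rest...)
			}
		}
	}
	return nil
}

// graphOnly reports the chain to target and whether it is required but not compiled in.
func graphOnly(out, root, target string, built map[string]bool) ([]string, bool) {
	chain := pathTo(parseGraph(out), root, target, map[string]bool{})
	return chain, chain != nil && !built[target]
}

func main() { fmt.Println(graphOnly(modGraph, "example.com/app", "example.com/flagged", linked)) }
```

On a real checkout the two inputs come from `go mod graph` and `go list -deps -f '{{with .Module}}{{.Path}}{{end}}' ./...`; the returned chain shows which requirement pulls the flagged module in.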

Jacalz commented 2 years ago

Indeed, we are not vulnerable to the CVE. However, as there isn’t much work happening upstream, I wanted to at least get rid of the warning.

I am also getting security warnings on GitHub because of this and I suspect that anyone else using this project probably also gets those warnings. They might not know that the issue doesn’t affect us.

Either way, this was just a suggestion to fix the warning. Feel free to close it if you don't think it's worth it.

Jacalz commented 2 years ago

I guess I'll close this then. Feel free to reopen and merge if you have changed your mind.