search

psanford / wormhole-william

End-to-end encrypted file transfer. A magic wormhole CLI and API in Go (golang).
MIT License
1.07k stars 54 forks source link

Update deps to avoid vulnerability. #97

Closed vext01 closed 1 year ago

vext01 commented 1 year ago

Hi,

Running govuln, I get:

Found 1 vulnerability in packages that you import, but there are no call
stacks leading to the use of this vulnerability. You may not need to
take any action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
for details.

Vulnerability #1: GO-2022-0493
  When called with a non-zero flags parameter, the Faccessat
  function can incorrectly report that a file is accessible.
  More info: https://pkg.go.dev/vuln/GO-2022-0493
  Found in: golang.org/x/sys@v0.0.0-20210415045647-66c3f260301c
  Fixed in: golang.org/x/sys@v0.0.0-20220412211240-33da011f77ad
Jacalz commented 1 year ago

I suspect that it should be solved with https://github.com/psanford/wormhole-william/pull/92 once it lands. It would be great to get a review of that one.

psanford commented 1 year ago

That error message says we are not vulnerable.