rhysd / go-github-selfupdate

Binary self-update mechanism for Go commands using GitHub
https://godoc.org/github.com/rhysd/go-github-selfupdate/selfupdate
MIT License
597 stars 76 forks source link

update x/crypto. Fix CVE-2019-11840 #37

Closed bhamail closed 3 years ago

bhamail commented 3 years ago

I discovered a vulnerable library while using selfupdate in the nancy project. This one was found using the free OSSIndex service. Here's more details: OSSI Vuln Deets

rhysd commented 3 years ago

@bhamail Would you resolve conflicts caused by merging #36?

bhamail commented 3 years ago

Will do. I have a third fix that I’ll add as well.

On Tue, Jan 12, 2021 at 8:43 PM Linda_pp notifications@github.com wrote:

@bhamail https://github.com/bhamail Would you resolve conflicts caused by merging #36 https://github.com/rhysd/go-github-selfupdate/pull/36?

— You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub https://github.com/rhysd/go-github-selfupdate/pull/37#issuecomment-759148190, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAENKZ2KWKH5PCAMOFLSYWTSZT3FHANCNFSM4V77RQLQ .