search

samber / lo

💥 A Lodash-style Go library based on Go 1.18+ Generics (map, filter, contains, find...)
https://pkg.go.dev/github.com/samber/lo
MIT License
18.02k stars 830 forks source link

[Snyk] Security upgrade golang from 1.21.12 to 1.22.6 #530

Closed samber closed 2 months ago

samber commented 2 months ago

snyk-top-banner

Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

We recommend upgrading to golang:1.22.6, as this image has only 89 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Out-of-bounds Read
SNYK-DEBIAN12-CURL-7575306		   514  
medium severity Out-of-bounds Read
SNYK-DEBIAN12-CURL-7575306		   514  
medium severity Out-of-bounds Read
SNYK-DEBIAN12-CURL-7575306		   514  
critical severity Link Following
SNYK-DEBIAN12-GIT-6846203		   500  
critical severity Link Following
SNYK-DEBIAN12-GIT-6846203		   500  

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

codecov-commenter commented 2 months ago

:warning: Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 94.48%. Comparing base (db0f4d2) to head (3caaa66). Report is 1 commits behind head on master.

:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## master #530 +/- ## ======================================= Coverage 94.48% 94.48% ======================================= Files 17 17 Lines 2757 2757 ======================================= Hits 2605 2605 Misses 150 150 Partials 2 2 ``` | [Flag](https://app.codecov.io/gh/samber/lo/pull/530/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Samuel+Berthe) | Coverage Δ | | |---|---|---| | [unittests](https://app.codecov.io/gh/samber/lo/pull/530/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Samuel+Berthe) | `94.48% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Samuel+Berthe#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.