search

shenwei356 / rush

A cross-platform command-line tool for executing jobs in parallel
https://github.com/shenwei356/rush
MIT License
866 stars 63 forks source link

Update dependencies to remove CVE alerts #58

Closed etilite closed 1 month ago

etilite commented 1 month ago

Hello, can you please update imports?

Problem

CVE scanners are triggered by this indirect dependency golang.org/x/crypto v0.7.0 and it makes harder to use rush in some environments.

Solution

By simply updating to github.com/schollz/progressbar/v3 v3.10.0 we can remove this unnecessary import.

shenwei356 commented 1 month ago

fixed.

shenwei356 commented 1 month ago

new binaries: https://github.com/shenwei356/rush/releases/tag/v0.5.5

etilite commented 1 month ago

Thank you very much!