spf13 / afero

A FileSystem Abstraction System for Go
Apache License 2.0

Update dependencies to fix vulnerability included in github.com/pkg/sftp dependency #330

Closed cboitel closed 2 years ago

cboitel commented 2 years ago

This project makes use of github.com/pkg/sftp v1.10.1, which suffers from a vulnerability (see https://github.com/pkg/sftp/issues/308) that has been fixed since v1.11.

Upgrading to the latest version of the sftp module, v1.13.4 as of today, would avoid integrating the vulnerability.

cboitel commented 2 years ago

Any news?

0xmichalis commented 2 years ago

Should be fixed now

https://github.com/spf13/afero/blob/d8a4ef9d0539711f2bb78720df97f9332f3b6799/go.mod#L6
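An added example, not part of the thread and not code from afero or pkg/sftp: a check a downstream project could run in CI to confirm its own `go.mod` no longer requires a `github.com/pkg/sftp` release older than the fixed one. The function names and the sample `go.mod` are constructed for illustration, and "fixed since v1.11" is assumed to mean v1.11.0.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: a go.mod pinning the sftp version named in the issue.
const sampleGoMod = "module example.com/app\n\ngo 1.16\n\nrequire (\n" +
	"\tgithub.com/pkg/sftp v1.10.1 // indirect\n\tgolang.org/x/text v0.3.7\n)\n"

// requiredVersion reads require directives only; replace and exclude are ignored.
func requiredVersion(goMod, modPath string) string {
	inBlock := false
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop comments such as "// indirect"
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inBlock = true
		case len(f) == 1 && f[0] == ")":
			inBlock = false
		case len(f) == 3 && f[0] == "require" && f[1] == modPath:
			return f[2]
		case inBlock && len(f) == 2 && f[0] == modPath:
			return f[1]
		}
	}
	return ""
}

// olderThan: does v (vX.Y.Z, optional -prerelease or +build) sort before floor?
func olderThan(v string, floor [3]int) (bool, error) {
	core, _, pre := strings.Cut(strings.SplitN(v, "+", 2)[0], "-")
	var got [3]int
	if _, err := fmt.Sscanf(core, "v%d.%d.%d", &got[0], &got[1], &got[2]); err != nil {
		return false, fmt.Errorf("unsupported version %q: %w", v, err)
	}
	for i := range got {
		if got[i] != floor[i] {
			return got[i] < floor[i], nil
		}
	}
	return pre, nil // same X.Y.Z: a prerelease sorts before the release
}

func main() {
	// Assumption: the issue's "fixed since v1.11" is taken as v1.11.0.
	fmt.Println(olderThan(requiredVersion(sampleGoMod, "github.com/pkg/sftp"), [3]int{1, 11, 0}))
}
```

A `go.mod` requirement is only a minimum: `go list -m github.com/pkg/sftp` reports the version the build actually selects after the other modules' requirements are taken into account.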