spf13 / afero

A FileSystem Abstraction System for Go
Apache License 2.0
5.79k stars 498 forks

CVE-2022-32149: golang.org/x/text < 0.3.8 #381

Open MichaelMcAleer opened 1 year ago

MichaelMcAleer commented 1 year ago

golang.org/x/text versions before 0.3.8 are vulnerable to CVE-2022-32149:

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

This was flagged in a Whitesource/Mend vulnerability scan. Please update golang.org/x/text in go.mod to a version equal to or higher than 0.3.8.

https://www.cve.org/CVERecord?id=CVE-2022-32149 https://www.mend.io/vulnerability-database/CVE-2022-32149
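The request above is about the version pinned in go.mod, so the practical check is whether a module's go.mod requires golang.org/x/text below v0.3.8. The following is an added example, not afero's code and not from the issue author: it scans a constructed go.mod (both the single-line and block `require` forms), finds the golang.org/x/text requirement, and compares it against the fixed release. It assumes the module is not subject to a `replace` directive and ignores pre-release suffixes when comparing.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// sampleGoMod is constructed for this example; a real audit would read the
// module's own go.mod (os.ReadFile("go.mod")) instead.
const sampleGoMod = `module example.com/app

go 1.19

require (
	github.com/spf13/afero v1.9.2
	golang.org/x/text v0.3.7 // indirect
)

require golang.org/x/mod v0.6.0
`

// fixedTextVersion is the first golang.org/x/text release carrying the fix
// for CVE-2022-32149, per the advisory cited in the issue.
const fixedTextVersion = "v0.3.8"

// parseVersion splits "vMAJOR.MINOR.PATCH[-pre][+meta]" into its numeric parts.
// Pre-release/build suffixes are dropped (assumption: good enough for a
// minimum-version check).
func parseVersion(v string) ([3]int, error) {
	var out [3]int
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return out, fmt.Errorf("unexpected version format %q", v)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return out, fmt.Errorf("bad version component %q: %w", p, err)
		}
		out[i] = n
	}
	return out, nil
}

// versionLess reports whether a < b by major, minor, patch.
func versionLess(a, b [3]int) bool {
	for i := 0; i < 3; i++ {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// requiredVersion returns the version go.mod requires for modPath, handling
// both `require path vX` and the parenthesised block form. Comments are
// stripped; `replace` directives are not considered (assumption).
func requiredVersion(goMod, modPath string) (string, bool) {
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i])
		}
		if line == "require (" {
			inBlock = true
			continue
		}
		if inBlock && line == ")" {
			inBlock = false
			continue
		}
		fields := strings.Fields(line)
		if !inBlock {
			if len(fields) != 3 || fields[0] != "require" {
				continue
			}
			fields = fields[1:]
		}
		if len(fields) == 2 && fields[0] == modPath {
			return fields[1], true
		}
	}
	return "", false
}

// textVulnerable reports whether go.mod pins golang.org/x/text below the fixed
// release. A module that does not require x/text at all is reported as not
// vulnerable, with have == "".
func textVulnerable(goMod string) (vulnerable bool, have string, err error) {
	have, ok := requiredVersion(goMod, "golang.org/x/text")
	if !ok {
		return false, "", nil
	}
	cur, err := parseVersion(have)
	if err != nil {
		return false, have, err
	}
	fixed, _ := parseVersion(fixedTextVersion)
	return versionLess(cur, fixed), have, nil
}

func main() {
	vuln, have, err := textVulnerable(sampleGoMod)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("golang.org/x/text %s below %s: %v\n", have, fixedTextVersion, vuln)
}
```

Note that go.mod only records the minimum version; the version actually selected for a build can be higher, so `go list -m golang.org/x/text` in the consuming module is the authoritative answer when afero is a transitive dependency.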

MShekow commented 1 year ago

From looking at the code, I don't understand why golang.org/x/text is needed at all. It is only used in util.go in a function NeuterAccents() which is never called...

MShekow commented 1 year ago

Would be great if this could be addressed :)

0x4c6565 commented 1 year ago

@MShekow added https://github.com/spf13/afero/pull/391 to address this