Version bump in order to fix security issues in Go libraries

vouch / vouch-proxy

an SSO and OAuth / OIDC login solution for Nginx using the auth_request module

MIT License

2.92k stars 327 forks source link

Version bump in order to fix security issues in Go libraries #531

Closed rodrigodealer closed 3 weeks ago

rodrigodealer commented 1 year ago

This PR fixes vulnerabilities issues both in golang.org/x/net and golang.org/x/text

Link for the vulnerabilities CVEs:

cve-2022-41717 cve-2022-32149 cve-2022-41723

The propose of this change is to correct vulnerabilities in both golang text and net packages. I've got this issue when I was running trivy against a source code and it flagged them as high risk vulnerabilities and thought would make sense to propose this change, since it wasn't already proposed.

rodrigodealer commented 1 year ago

@bnfinet Could you have a look at this PR?

yonas commented 3 weeks ago

This can be closed - versions have been bumped.