
Bump up GO to 1.20.5 due to security vulnerabilities

Open pranay-harness opened this issue 1 year ago • 2 comments

Version of yq: 4.34.1

Current GO version used: 1.20.4

Critical CVEs: CVE-2023-29405, CVE-2023-29402, CVE-2023-29404, CVE-2023-29403

Scanner: prismacloud (twistlock)

Fix: Upgrade GO to 1.20.5 and above

pranay-harness, Jun 19 '23 05:06

Upvoting, can this be prioritized?

raghuAtWings, Jul 03 '23 10:07

I think this issue can be closed. The current go version used by yq appears to be 1.21: https://github.com/mikefarah/yq/blob/master/go.mod

bitdivine, Apr 16 '24 21:04
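
To confirm which toolchain a given yq binary was actually built with, the Go version embedded in the binary can be read with the standard `debug/buildinfo` package and compared with the 1.20.5 fix version named in this issue. This is an added example, not code from the thread or the yq project; `parseGoVersion` and `belowFix` are illustrative names, and 1.20.5 is applied as a simple floor.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
)

// fixedIn is the fix version named in the issue (Go 1.20.5), used as a simple floor.
var fixedIn = [3]int{1, 20, 5}

// parseGoVersion turns "go1.20.4" into {1, 20, 4}. ok is false when the
// string does not start with "go<major>.<minor>".
func parseGoVersion(s string) (v [3]int, ok bool) {
	// Sscanf stops at the first mismatch, so "go1.21" and "go1.20rc1" still
	// yield major and minor; the missing patch number stays 0.
	n, _ := fmt.Sscanf(s, "go%d.%d.%d", &v[0], &v[1], &v[2])
	return v, n >= 2
}

// belowFix reports whether the toolchain version string s is older than fixedIn.
func belowFix(s string) (bool, error) {
	v, ok := parseGoVersion(s)
	if !ok {
		return false, fmt.Errorf("unrecognised Go version %q", s)
	}
	for i := range v {
		if v[i] != fixedIn[i] {
			return v[i] < fixedIn[i], nil
		}
	}
	return false, nil // exactly the fix version
}

func main() {
	// Each argument is a path to a Go binary, e.g. a downloaded yq release.
	for _, path := range os.Args[1:] {
		info, err := buildinfo.ReadFile(path)
		if err != nil {
			fmt.Printf("%s: no Go build info (%v)\n", path, err)
			continue
		}
		old, err := belowFix(info.GoVersion)
		fmt.Printf("%s: built with %s, below 1.20.5: %v (err: %v)\n",
			path, info.GoVersion, old, err)
	}
}
```

The `go` line in `go.mod` and the toolchain recorded in a released binary are separate values, so this check is run against the binary being scanned.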