oksvg icon indicating copy to clipboard operation
oksvg copied to clipboard

Published 20 hours ago verified publisher icon srwiley

Dependency text 0.3.6 is vulnerable

Open Akaame opened this issue 3 years ago • 6 comments
trafficstars

https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXTEXTINTERNALLANGUAGE-2400718

All versions of golang.org/x/text below 0.3.7 are vulnerable. Updating to a later golang.org/x/net should solve this issue for the project.

Cheers.

Akaame avatar Feb 15 '22 13:02 Akaame

Thank you Akaame. Is there specific action I should take, like encouraging versioning somehow? IIRC the dependency on golang.org/x/text is just to make character interpretation during xml parsing to work correctly. All input is appreciated.

srwiley avatar Feb 17 '22 04:02 srwiley

I opened a PR to update it so we can see the warning gone :)

Jacalz avatar May 31 '22 13:05 Jacalz