Re-check whether security issue with git-urls has been resolved #83
Labels
dependency
Issues related to dependencies
Comments
miselico
changed the title
miselico
added a commit
that referenced
this issue
Jan 21, 2024
* updating to go 1.21, also upgrading versions in blubber and upgrading dependencies * explicitly specifying the toolchain breaks codeQL, so left that commented out * Semgrep is no longer availble for unattended workflows as it used to be, that is now not part of the workflow any longer. Issue created for considering an alternative #82 * also temporarily replacing the vulnerable git-urls package with a version which has the vulnerability fixed see #83 --------- Co-authored-by: Michael Cochez <miselico@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We added
because the former has a security vulnerability. As long as this is not fixed, we use this alternative.
See whilp/git-urls#25 for a pull request which would solve this.
The text was updated successfully, but these errors were encountered: