Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

This version of gosu is bringing cves #424

Open
dogruis opened this issue Nov 21, 2024 · 1 comment
Open

This version of gosu is bringing cves #424

dogruis opened this issue Nov 21, 2024 · 1 comment

Comments

@dogruis
Copy link

dogruis commented Nov 21, 2024

ENV GOSU_VERSION 1.17

tianon/gosu#151
I created an issue to fix the cve errors

linked to redis/redis#13663

After reading this thread I am convinced that gosu shouldn't be used at all. As the lib hasn't had a release in more than a year and the lib owner refuses to bump the golang version anytime soon to 1.23.
tianon/gosu#136

@dogruis
Copy link
Author

dogruis commented Dec 2, 2024

Just for the update the owner of the lib is refusing to update his library to fix CVEs as stated in his readme.
I understand there is false positives but still maintaining libraries should be a thing.
tianon/gosu#136

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant