Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security vulnerabilities in golang.org/x/crypto dependency #31

Closed
Urokhtor opened this issue Oct 22, 2021 · 2 comments
Closed

Security vulnerabilities in golang.org/x/crypto dependency #31

Urokhtor opened this issue Oct 22, 2021 · 2 comments

Comments

@Urokhtor
Copy link

After updating Testcontainers, our vulnerability scanner found two CVEs in ryuk:0.3.3 in package golang.org/x/crypto v0.0.0-20180112200814-13931e22f9e7. These CVEs (CVE-2020-29652, CVE-2020-9283) are marked high in severity.

It would be nice if affected library could be updated.
@gesellix
Copy link
Contributor

#40 includes a version bump of that dependency.

@mdelapenya
Copy link
Member

I think this can be closed, as #46 included a bump of that library. Thanks for the report!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gesellix @mdelapenya @Urokhtor