You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Golang 1.22.2 has a vulnerability in the form of CVE-2024-24788 , which has been fixed in 1.22.3
Since the latest version was built on 1.22.2, it is setting of Trivy (especially since Trivy update to scan stdlib - i.e. the version of Golang a binary was compiled with).
I am not sure how to address this in the form of a PR, since no change is needed except to rebuild the artifacts (releases) with Golang 1.22.3 .
Since go.mod uses go 1.22 , I don't know if you'd be open to additionally specifying the patch version (i.e. go 1.22.3).
Thanks for your time.
The text was updated successfully, but these errors were encountered:
Golang 1.22.2 has a vulnerability in the form of CVE-2024-24788 , which has been fixed in 1.22.3
Since the latest version was built on 1.22.2, it is setting of Trivy (especially since Trivy update to scan stdlib - i.e. the version of Golang a binary was compiled with).
I am not sure how to address this in the form of a PR, since no change is needed except to rebuild the artifacts (releases) with Golang 1.22.3 .
Since
go.mod
usesgo 1.22
, I don't know if you'd be open to additionally specifying the patch version (i.e.go 1.22.3
).Thanks for your time.
The text was updated successfully, but these errors were encountered: