fix(sec): upgrade golang.org/x/sys to 0.1.0 #571

chncaption · 2023-09-11T13:00:47Z

What happened？

There are 1 security vulnerabilities found in golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6

CVE-2022-29526

What did I do？

Upgrade golang.org/x/sys from v0.0.0-20220503163025-988cb79eb6c6 to 0.1.0 for vulnerability fix

What did you expect to happen？

Ideally, no insecure libs should be used.

How can we automate the detection of these types of issues?

By using the GitHub Actions configurations provided by murphysec, we can conduct automatic code security checks in our CI pipeline.

The specification of the pull request

PR Specification from OSCS

ncabatoff · 2023-09-25T19:10:26Z

Hi @chncaption,

I'm curious why you've chosen such an old version of x/sys to move to? I see that it's the newest version available newer than that we have now, but it probably makes sense to use the newest one available. Would you mind updating the PR please?

update golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6 to 0.1.0

78d20b5

chncaption requested a review from a team as a code owner September 11, 2023 13:00

chncaption requested review from banks and removed request for a team September 11, 2023 13:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(sec): upgrade golang.org/x/sys to 0.1.0 #571

fix(sec): upgrade golang.org/x/sys to 0.1.0 #571

chncaption commented Sep 11, 2023

ncabatoff commented Sep 25, 2023

fix(sec): upgrade golang.org/x/sys to 0.1.0 #571

Are you sure you want to change the base?

fix(sec): upgrade golang.org/x/sys to 0.1.0 #571

Conversation

chncaption commented Sep 11, 2023

What happened？

What did I do？

What did you expect to happen？

How can we automate the detection of these types of issues?

The specification of the pull request

ncabatoff commented Sep 25, 2023