-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Go version used to build releases #46
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Golang 1.17.1 (used for latest build 0.2.1) has several critical vulnerabilities (CVEs), and would be nice to use a more current version if possible for pre-built binaries (I'm lazy and I assume there are many others as well). I know it's a never-ending battle, but since this is used in Microsoft's azure-cli container this way (which uses a WAY older version, but that's another story -- and I can't fix that (easily) until this is resolved), I'm hoping this is easy and controversy-free. Thanks.
Currently Go 1.19.9+ or 1.20.4+ would be needed to be "Critical-CVE-free".
The text was updated successfully, but these errors were encountered: