Sec Vulnerability on package github.com/square/go-jose

Question

mcfongtw opened this issue 8 months ago · comments

Our internal security scanning tool found that the latest (v0.4.22) grpc_health_probe is vulnerable to this GHSA

Ahmet Alp Balkan · Answer 1 · Thu Nov 23 2023 03:02:52 GMT+0800 (China Standard Time)

Feel free to suppress it as it does not impact. Fix is merged but no release yet.

nithya-ganesan · Answer 2 · Thu Nov 23 2023 21:43:38 GMT+0800 (China Standard Time)

Any idea on when a new release be made with this vulnerability fix?

Erich Fussi · Answer 3 · Fri Nov 24 2023 00:17:26 GMT+0800 (China Standard Time)

For the record, the PR is #170.

Ahmet Alp Balkan · Answer 4 · Mon Nov 27 2023 09:50:32 GMT+0800 (China Standard Time)

Fixed. But seriously please tune your security scanner. These are all noisy warnings.