You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The respective functionality (SSH server in golang.org/x/crypto/ssh) affected by CVE-2024-45337is not used by migrate at all, I think this is not really critical in context of this project.
Updating the dependency would be nice, but it's not a game changer.
Thanks @joschi. You're right. However, for some, not updating the dependency may be a little uncomfortable, bc Criticals have this annoying tendency to stop builds 😃
Describe the Bug
A critical vuln in golang.org/x/crypto detected by Grype:
Vuln:
CVE-2024-45337
Migrate Version
v4.18.1
Go Version
1.22
Additional context
This can be fixed with a PR by bumping golang.org/x/crypto from 0.27.0 to 0.31.0: #1210
The text was updated successfully, but these errors were encountered: