CVE-2023-39325 caused by dependency on mimetype #1220
Comments
deankarn
added a commit
that referenced
this issue
Feb 11, 2024
Updated all library dependencies. - Addresses dependabot alerts. - closes #1205 #1220 ## Fixes Or Enhances **Make sure that you've checked the boxes below before you submit PR:** - [ ] Tests exist or have been written that cover this particular change. @go-playground/validator-maintainers Co-authored-by: Dean Karn <deankarn@reaver1.local>
d1slike
pushed a commit
to txix-open/validator
that referenced
this issue
Apr 1, 2024
Updated all library dependencies. - Addresses dependabot alerts. - closes go-playground#1205 go-playground#1220 ## Fixes Or Enhances **Make sure that you've checked the boxes below before you submit PR:** - [ ] Tests exist or have been written that cover this particular change. @go-playground/validator-maintainers Co-authored-by: Dean Karn <deankarn@reaver1.local>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The mimetype dependency is specified at v1.4.2, which is affected by a CVE impacting Go's
netpackage. v1.4.3 resolved the issue. There is a merge request already out there by Dependabot bumping the version ofnet, but the root cause should be addressed by bumpingmimetype, as well.The text was updated successfully, but these errors were encountered: