New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update several, sometimes year old go dependencies with well-known CVEs #1392
Comments
Not sure if this is the right approach to scan for vulnerabilities since versions of transient dependencies are replaced with newer versions For example, the mentioned |
Hm ok @denis256, i get your point. The thing is, that (at least in my case) those dependencies are downloaded whenever i run terratest.
Screenshot from the Firewall blocking downloading terratest unsing |
Describe the bug
The latests terratest version 0.46.11 relies on sometimes year old versions of several go-sdks for which security scanners report well-known CVEs. This should probably be updated.
To Reproduce
Versions
The text was updated successfully, but these errors were encountered: