-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade golang.org/x/text to 0.3.7 #60
Conversation
The old version, 0.3.0, was vulnerable to CVE-2020-14040: https://nvd.nist.gov/vuln/detail/CVE-2020-14040
Are we able to merge this? |
It doesn't look like Scuttle is actively maintained at the moment. I don't have write permissions to this repository, so unfortunately I can't merge. |
Hey all, I'm not with Redbox anymore and I don't have access to help you out here. I don't think this is being maintained by anyone. I am working on a replacement to Scuttle, same idea just a better way to handle configuration/extendability. I think it should be open sourced this week or next, I can post it here if you guys are interested. Unfortunately I think the only other option is to fork this. @wgfm @dosullivan557 |
Hey @linjmeyer - that sounds great - if you could share once ready, that would be great! |
@linjmeyer any update on the new version? |
I'm maintaining a fork that has everything updated: https://github.com/kvij/scuttle |
I don't have any updates sadly, we have a new tool internally where I work currently but open sourcing it seems unlikely at this point. I think using a maintained fork is your best bet. Thanks @kvij for forking it and updating! |
I'm going to close this PR, as it is never going be merged. Also, I have moved companies and I have no stake in this anymore. |
Sorry all this took so long, but we have opened sourced an alternative to scuttle here at The Aspen Group: https://github.com/tag-oss/rescuttle Same idea, but it is a bit more flexible and easier to configure. Feel free to check it out! |
* use arm64 supported curlimages/curl instead of busyboxplus:curl * use arm64 supported kvij/scuttle instead of redboxoss/scuttle redboxllc/scuttle#60 (comment) * remove explicit GOARCH=amd64 * build arm64 image with qemu, update workflow versions in push.yml * revert pushing worktree for branch working_arm64 by mistake * fix starter dockerfile * revert to buildx version 0.9.1 * keep USER 65532:65532
The old version, 0.3.0, is vulnerable to CVE-2020-14040: https://nvd.nist.gov/vuln/detail/CVE-2020-14040
Resolves #51