This repository has been archived by the owner on Mar 26, 2020. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
The vendored golang.org/x/net has been updated to 146acd28ed5894421fb5aac80ca93bc1b1f46f87 which contains cf3bd585ca2a5a21b057abd8be7eea2204af89d0 a fix for CVE-2018-17142. CVE-2018-17142 does not affect GD2 in any way. Neither GD2 nor any of its dependencies call html.Parse(), which had the CVE. The dependency is being update to ensure that the vendored source tarball that is generated doesn't have the source with the CVE.
- Loading branch information
