c175fdb049
Update the vendored golang.org/x/crypto and golang.org/x/text modules to the latest versions, which in turn updates the vendored copy of the golang.org/x/net and golang.org/x/sys modules. Updating these modules' entries in vendor/modules.txt and go.{mod,sum} means we will not be flagged by security scanners regarding either CVE-2021-38561 or CVE-2022-27191, neither of which should actually affect Git LFS. The Git LFS client should not be affected by CVE-2021-38561 as it pertains the Go x/text/language package and specifically the BCP 47 tag functions, which Git LFS does not use. The Git LFS client should not be affected by CVE-2022-27191 as it pertains to the Go x/crypto/ssh package and specifically a crash vulnerability in the SSH server functions, which Git LFS does not use. The specific commands run to perform this update were: go get golang.org/x/crypto@latest && go get golang.org/x/text@latest && go mod tidy && go mod vendor |
||
---|---|---|
.. | ||
internal | ||
language | ||
secure/bidirule | ||
transform | ||
unicode | ||
AUTHORS | ||
CONTRIBUTORS | ||
LICENSE | ||
PATENTS |