c175fdb049
Update the vendored golang.org/x/crypto and golang.org/x/text modules to the latest versions, which in turn updates the vendored copy of the golang.org/x/net and golang.org/x/sys modules. Updating these modules' entries in vendor/modules.txt and go.{mod,sum} means we will not be flagged by security scanners regarding either CVE-2021-38561 or CVE-2022-27191, neither of which should actually affect Git LFS. The Git LFS client should not be affected by CVE-2021-38561 as it pertains the Go x/text/language package and specifically the BCP 47 tag functions, which Git LFS does not use. The Git LFS client should not be affected by CVE-2022-27191 as it pertains to the Go x/crypto/ssh package and specifically a crash vulnerability in the SSH server functions, which Git LFS does not use. The specific commands run to perform this update were: go get golang.org/x/crypto@latest && go get golang.org/x/text@latest && go mod tidy && go mod vendor |
||
---|---|---|
.. | ||
bidi | ||
norm |