Merge pull request #241 from cyberark/update-golang.org/x/text

Resolve CVE-2022-32149 by forcing golang.org/x/text to v0.3.8
cyberark · Nov 1, 2022 · 2b8d1b0 · 2b8d1b0
2 parents 01aea32 + 6ac2377
commit 2b8d1b0
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
   [cyberark/summon#240](https://github.com/cyberark/summon/pull/240)
 
 ### Security
+- Force golang.org/x/text to use v0.3.8 
+  [cyberark/summon#241](https://github.com/cyberark/summon/pull/241)
 - Update aruba (0.6.2 -> 2.0.0), cucumber (2.0.0 -> 7.1.0) and other necessary
   dependencies in acceptance/Gemfile.lock
   [cyberark/summon#239](https://github.com/cyberark/summon/pull/239)

diff --git a/go.mod b/go.mod
@@ -20,6 +20,8 @@ go 1.19
 
 replace golang.org/x/net v0.0.0-20220812174116-3211cb980234 => golang.org/x/net v0.0.0-20220923203811-8be639271d50
 
+replace golang.org/x/text v0.3.7 => golang.org/x/text v0.3.8
+
 replace gopkg.in/yaml.v2 v2.2.2 => gopkg.in/yaml.v2 v2.2.8
 
 replace gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c => gopkg.in/yaml.v3 v3.0.1