CVE-2020-29652 in golang.org/x/crypto with high severity

[JorritSalverda]

Version v3.1.3 has the following vulnerability:

+---------------------+------------------+----------+------------------------------------+------------------------------------+
|       LIBRARY       | VULNERABILITY ID | SEVERITY |         INSTALLED VERSION          |           FIXED VERSION            |
+---------------------+------------------+----------+------------------------------------+------------------------------------+
| golang.org/x/crypto | CVE-2020-29652   | HIGH     | v0.0.0-20200220183623-bac4c82f6975 | v0.0.0-20201216223049-8b5274cf687f |
+---------------------+------------------+----------+------------------------------------+------------------------------------+

Can this module get updated?

[JorritSalverda]

With the trivy tool you can run trivy repo https://github.com/databus23/helm-diff to see what other vulnerabilities are found in the master branch.

[mumoshu]

@JorritSalverda Hey! Thanks for reporting. This has been addressed in #292

[JorritSalverda]

@mumoshu thanks! Any chance you can create a new release for this?

[maver1ck]

@mumoshu ping