Chisel golang.org/x/crypto 0.33 #213
Comments
|
I just tested with updated packages and Go version 1.23. When I build it with this, this issue is solved. |
|
You are right about this and we will take a look, but rest assured because Chisel doesn't even use SSH so this doesn't affect us. That said, we should still update. |
|
Hi @letFunny yes I understand! Let me know if I can do anything to help out, really love your work, its an amazing tool! |
|
@nilsdebruin thank you! At the moment is more a conversation of compatibility and the Go versions shipped with Ubuntu, that's why it will take a bit longer. |
|
@letFunny no worries! I have created a docker image (which is based on the 1.23), which can be used as the chisel binary while building other images: |
|
@nilsdebruin I created a PR to update chisel to Go 1.23 and all its tests and dependencies #219. We will merge it once we finish with the major features we have planned. It will not be a priority because we are not affected by any CVE and we want to prioritize improving the UX significantly by delivering said features. |
|
@letFunny great to hear and thanks for all your work, it is great that we have this fantastic tool! |
Hi!
Recently I helped in updating the Go and its dependencies. Currently, in the latest version I helped with, there is still a CVE as reported by Docker Scout. It is CVE-2025-22869 with a severity of high. The problem is, that there is currently no solution for Go 1.22.x. As mentioned in my other PR, with Go 1.24 it is solvable, but I think you mentioned that Go 1.24 is currently not the best approach. Let me know if I can help out in anyway!
The text was updated successfully, but these errors were encountered: