Could you guy’s please fix this [HIGH] CVE-2023-0464 - libcrypto3-3.0.8-r0, and this golang.org/x/net │ CVE-2022-41723 │ HIGH │ v0.6.0 │ 0.7.0 │ golang.org/x/net/http2: avoid quadratic complexity in HPACK │ and please release a new version asap.
There are several pull requests open against hashi products to address this. See e.g.
hashicorp:main ← kevinwangcn:updategolangx
opened 05:43PM - 23 Mar 23 UTC
### Description
To address this security vulnerability issue which has a HIGH… severity.
https://nvd.nist.gov/vuln/detail/CVE-2022-41723
### Testing & Reproduction steps
<!--
* In the case of bugs, describe how to replicate
* If any manual tests were done, document the steps and the conditions to replicate
* Call out any important/ relevant unit tests, e2e tests or integration tests you have added or are adding
-->
### Links
<!--
Include any links here that might be helpful for people reviewing your PR (Tickets, GH issues, API docs, external benchmarks, tools docs, etc). If there are none, feel free to delete this section.
Please be mindful not to leak any customer or confidential information. HashiCorp employees may want to use our internal URL shortener to obfuscate links.
-->
### PR Checklist
* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] not a security concern