Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unmaintained Dependency muesli/sasquatch in the crypto package #256

Open
nkxxll opened this issue Feb 3, 2024 · 1 comment
Open

Unmaintained Dependency muesli/sasquatch in the crypto package #256

nkxxll opened this issue Feb 3, 2024 · 1 comment
Assignees
@muesli

Comments

@nkxxll
Copy link

nkxxll commented Feb 3, 2024

Just as an info muesli/sasquatch has no commits since 2 years and the crypto library is way too old for a crypto lib (< v8, current is v18).
!!This is a potential security risk!!

In my opinion the best but not the easiest solution would be to use the https://pkg.go.dev/golang.org/x/crypto module directly.
If I can help in any way to resolve this issue let me know...

Hope I could help!
Have a nice one! <3
@mschneider82
Copy link

i would rather switch to https://github.com/minio/sio this provides a io.ReaderAt which could be a big improvement for the filesystem implementation.
The issue switching the crypto lib is the migration path

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@muesli muesli

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@muesli @mschneider82 @nkxxll