| ▲ | nickcw 3 hours ago | |
I just merged a commit for exactly this in rclone https://github.com/rclone/rclone/commit/ad8a108453f3ce983fb6... It is interesting to dig into why. There was a security vulnerability in golang.org/x/net/http2/h2c which meant govulncheck warned about it in the CI. So I updated it and got a warning from the linter that the h2c sub package was deprecated in the latest version, so I removed it. That is a lot of great tooling working to make things more secure in the Go ecosystem. It does make work for maintainers though, and the Cambrian explosion of AI discovered security vulnerabilities has been particularly trying! | ||