More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2329254 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Module go-gh is only used as development tool: $ grep github.com/hashicorp/copywrite * -R go.mod: github.com/hashicorp/copywrite v0.16.3 go.sum:github.com/hashicorp/copywrite v0.16.3 h1:9yOzvuMAVurKEmn2lIWLUYq1Nn7lsYTZMyXbUdEB9wk= go.sum:github.com/hashicorp/copywrite v0.16.3/go.mod h1:wl92lMJ9VBqxH9M5KWfseHzXtjj7Q2u5LnKhpS0Rclo= scripts/add-copyright-headers.sh:go run github.com/hashicorp/copywrite headers tools.go: _ "github.com/hashicorp/copywrite" $ cat tools.go (...) // This file tracks some external tools we use during development and release // processes. These are not used at runtime but having them here allows the // Go toolchain to see that we need to include them in go.mod and go.sum. (...)