2 comments
I just merged a commit for exactly this in rclone<p><a href="https://github.com/rclone/rclone/commit/ad8a108453f3ce983fb6c3675ced694ff6bc3b53" rel="nofollow">https://github.com/rclone/rclone/commit/ad8a108453f3ce983fb6...</a><p>It is interesting to dig into why.<p>There was a security vulnerability in golang.org/x/net/http2/h2c which meant govulncheck warned about it in the CI.<p>So I updated it and got a warning from the linter that the h2c sub package was deprecated in the latest version, so I removed it.<p>That is a lot of great tooling working to make things more secure in the Go ecosystem.<p>It does make work for maintainers though, and the Cambrian explosion of AI discovered security vulnerabilities has been particularly trying!
I love that anyone can write a blog post like this that will get slurped into all the models and we can just say: "use terraform to deploy H2C on GCR"... and it will know exactly what to do.