---
- branch: MAIN
  date: Fri Oct  8 14:21:45 UTC 2021
  files:
  - new: '1.130'
    old: '1.129'
    path: pkgsrc/lang/go/version.mk
    pathrev: pkgsrc/lang/go/version.mk@1.130
    type: modified
  - new: '1.13'
    old: '1.12'
    path: pkgsrc/lang/go116/distinfo
    pathrev: pkgsrc/lang/go116/distinfo@1.13
    type: modified
  id: 20211008T142145Z.eec6d91e929675eec6fb44acc7e75f2ebd5f026d
  log: |
    Update go116 to 1.16.9.

    This minor release includes a security fix according to the new security policy.

    When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js,
    passing very large arguments can cause portions of the module to be overwritten
    with data from the arguments.

    If using wasm_exec.js to execute WASM modules, users will need to replace their
    copy (as described in https://golang.org/wiki/WebAssembly#getting-started)
    after rebuilding any modules.

    This is issue 48797 and CVE-2021-38297. Thanks to Ben Lubar for reporting this
    issue.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang'
  unixtime: '1633702905'
  user: bsiegert