Security Vulnerability Upgrading golang.org/x/text

[ybocalandro]

Request to update golang.org/x/text prior to v0.3.6 library to non-vulnerable version v0.3.7.

CVE-2020-14040
CVE-2021-38561

[ybocalandro]

Hello @KaylaNguyen I'm a new collaborator to this repo and I would like to get some traction on this request, to solve an indirect dependency. Please if you are not the best point of contact, can you point me in the right direction? Thanks

[KaylaNguyen]

Thanks for the pr! @jinglundong is the POC for this repo now. Jinglun can you take a look? Thanks!

[jinglundong]

Thank for looping me in, Kayla. This repo is the source of truth. I will review and release this hopefully this week.

[ybocalandro]

Hello @jinglundong Thanks for reviewing this PR. Please notice I had an issue with my GPG key I just fixed but is causing this PR to be re-approved. Sorry for any inconvenience. Also when do you estimate this change will be released? Thanks

[jinglundong]

No worries. I approved the workflow that runs the tests. Let's see how it goes.

[ybocalandro]

Hello @jinglundong Do you have an estimate when this change will be released? Thanks

[jinglundong]

I created a new release (with tag v2.0.2). Based on my reading of our playbook, that's all we need to release it. Please change the entry in go.mod to require google.golang.org/appengine/v2 v2.0.2 and let us know if it's patched properly. Thanks!