data/reports: add vulnerable_at to GO-2021-0094.yaml

Aliases: CVE-2020-29529

Updates #94

Change-Id: I065e04bfa1434500f74c644e900439099266e06c
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465796
Run-TryBot: Tatiana Bradley <[email protected]>
Reviewed-by: Tim King <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>

Author: tatianab

data/reports/GO-2021-0094.yaml

@@ -2,11 +2,11 @@ modules:
   - module: github.com/hashicorp/go-slug
     versions:
       - fixed: 0.5.0
+    vulnerable_at: 0.4.3
     packages:
       - package: github.com/hashicorp/go-slug
         symbols:
           - Unpack
-        skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
 description: |
     Protections against directory traversal during archive extraction can be
     bypassed by chaining multiple symbolic links within the archive. This allows