go.mod: bump several dependency versions to avoid vulnerabilities #1338
go.mongodb.org/mongo-driver -> v1.7.5
golang/github.com/jinzhu/gorm -> v1.9.10
Fixes #1335
Thanks Kyle! If you think it would be appropriate, I can open a PR to change the jinzhu/gorm tests so they don't break because of slight changes in the SQL query text formatting (like this failure). Other than those failures I suspect this upgrade doesn't actually break that integration.
Thanks, @nsrip-dd. I have time to go ahead and fix those tests. I agree, the upgrade doesn't break the integration. We just happen to depend on specific behavior from that specific version for the tests. Not ideal, but it's fine for now.
The spans should be tagged with the query, but the exact format of the query can change between gorm library versions (e.g. inserting extra whitespace). We can get the text through a callback and compare against that rather than hard-coding the text.
@nsrip-dd very nice fix.
@@ -42,8 +41,7 @@ require ( | |||
github.com/gomodule/redigo v1.7.0 | |||
github.com/google/pprof v0.0.0-20210423192551-a2663126120b | |||
github.com/google/uuid v1.3.0 | |||
github.com/gorilla/context v1.1.1 // indirect |
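Review bot: The hunk header (-42,8 +41,7) shows this part of the require block shrinking by one line, next to github.com/gorilla/context v1.1.1 // indirect, but the PR description names only the mongo-driver and gorm bumps. Please say in the commit message which go.mod changes are the vulnerability-driven version bumps and which are incidental cleanup, so that someone auditing the fix for #1335 can tell the two apart without diffing the module graph.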
Were these other go.mod changes just from go mod tidy?
Yes, exactly.