Skip to content

Updating modules to avoid some vulnerable dependencies #110

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 11, 2021
Merged

Updating modules to avoid some vulnerable dependencies #110

merged 1 commit into from
Oct 11, 2021

Conversation

@nathanmartinszup
Copy link
Contributor

@nathanmartinszup nathanmartinszup commented Oct 8, 2021
edited
Loading

Signed-off-by: nathanmartinszup nathan.martins@zup.com.br

- What I did

  • Reduced total vulnerabilities from 16 to 12, this removed 4 dependencies vulnerabilities issues.
    Of these 12 vulnerabilities 9 are false positives and 3 dependencies of the dependencies.

Follows the list of dependencies that still remain:

github.com/satori/go.uuid > github.com/jackc/pgx/v4 > gorm.io/driver/postgres
github.com/gogo/protobuf >  github.com/prometheus/common > github.com/prometheus/client_golang
  • Removed protobuf deprecated module module github.com/golang/protobuf is deprecated: Use the "google.golang.org/protobuf" module instead, also updated grpc generated files.

- How to verify it

- Description for the changelog

matheusalcantarazup
matheusalcantarazup reviewed Oct 8, 2021
View reviewed changes
@nathanmartinszup
Updating modules to avoid some vulnerable dependencies
f507d78 
Signed-off-by: nathanmartinszup <nathan.martins@zup.com.br>
@nathanmartinszup nathanmartinszup force-pushed the hotfix/vulnerable-dependencies branch from e35683c to f507d78 Compare October 11, 2021 13:52
@nathanmartinszup nathanmartinszup merged commit fe17556 into main Oct 11, 2021
@nathanmartinszup nathanmartinszup deleted the hotfix/vulnerable-dependencies branch October 11, 2021 17:35
@matheusalcantarazup matheusalcantarazup mentioned this pull request Oct 13, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wiliansilvazup wiliansilvazup Awaiting requested review from wiliansilvazup

3 more reviewers

@matheusalcantarazup matheusalcantarazup matheusalcantarazup left review comments

@lucasbrunozup lucasbrunozup lucasbrunozup approved these changes

@iancardosozup iancardosozup iancardosozup approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@nathanmartinszup @lucasbrunozup @matheusalcantarazup @iancardosozup