fix: vulnerabilities in dependency package hints #11434
upgrade package dependencies
Codecov Report
Base: 46.70% // Head: 46.70% // No change to project coverage 👍
Additional details and impacted files
@@ Coverage Diff @@
## master #11434 +/- ##
=======================================
Coverage 46.70% 46.70%
=======================================
Files 240 240
Lines 39771 39771
=======================================
Hits 18577 18577
Misses 19310 19310
Partials 1884 1884
Signed-off-by: fsl <1171313930@qq.com>
@fengshunli can we split this into multiple PRs? I'd like to cherry-pick back the x/net upgrade but leave the others for 2.6 to minimize potentially introducing bugs.
goutils and mongo-driver @crenshaw-dev there are potential security risks, which need to be upgraded to solve
@fengshunli those can be in a separate PR. They'll need more analysis, because we may or may not want to cherry-pick them back, depending on the risk/benefit of closing the vulnerability vs. introducing bugs on patch releases.
@crenshaw-dev do you mean, I separate indirect dependencies and direct references to PR? See net PR #11447
Closing since none of these deps apply anymore
Signed-off-by: fengshunli fengshunli520@gmail.com
Note on DCO:
If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.
Checklist: