Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating modules to avoid some vulnerable dependencies #110

Merged
merged 1 commit into from
Oct 11, 2021
Merged

Updating modules to avoid some vulnerable dependencies #110

merged 1 commit into from
Oct 11, 2021

Conversation

nathanmartinszup
Copy link
Contributor

@nathanmartinszup nathanmartinszup commented Oct 8, 2021
edited
Loading

Signed-off-by: nathanmartinszup nathan.martins@zup.com.br

- What I did

  • Reduced total vulnerabilities from 16 to 12, this removed 4 dependencies vulnerabilities issues.
    Of these 12 vulnerabilities 9 are false positives and 3 dependencies of the dependencies.

Follows the list of dependencies that still remain:

github.com/satori/go.uuid > github.com/jackc/pgx/v4 > gorm.io/driver/postgres
github.com/gogo/protobuf >  github.com/prometheus/common > github.com/prometheus/client_golang
  • Removed protobuf deprecated module module github.com/golang/protobuf is deprecated: Use the "google.golang.org/protobuf" module instead, also updated grpc generated files.

- How to verify it

- Description for the changelog

@nathanmartinszup
Updating modules to avoid some vulnerable dependencies
f507d78 
Signed-off-by: nathanmartinszup <nathan.martins@zup.com.br>
@nathanmartinszup nathanmartinszup force-pushed the hotfix/vulnerable-dependencies branch from e35683c to f507d78 Compare October 11, 2021 13:52
@nathanmartinszup nathanmartinszup merged commit fe17556 into main Oct 11, 2021
@nathanmartinszup nathanmartinszup deleted the hotfix/vulnerable-dependencies branch October 11, 2021 17:35
@matheusalcantarazup matheusalcantarazup mentioned this pull request Oct 13, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matheusalcantarazup matheusalcantarazup matheusalcantarazup left review comments

@lucasbrunozup lucasbrunozup lucasbrunozup approved these changes

@iancardosozup iancardosozup iancardosozup approved these changes

@wiliansilvazup wiliansilvazup Awaiting requested review from wiliansilvazup

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nathanmartinszup @lucasbrunozup @matheusalcantarazup @iancardosozup