Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump go-kit to 0.12.0 #3699

Closed
wants to merge 1 commit into from
Closed

Bump go-kit to 0.12.0 #3699

wants to merge 1 commit into from

Conversation

sinkingpoint
Copy link

go-kit 0.11.0 has a dependency on github.com/dgrijalva/jwt-go which has
a few vulns. Namely dgrijalva/jwt-go#428.
go-kit switched to the properly maintained fork in
go-kit/kit#1026 so this commit bumps up to
0.12.0 in order to pick up that change and remove the dependency on the
vulnerable lib

Short description of the changes

  • Bump go-kit to 0.12.0 to remote dependency on github.com/dgrijalva/jwt-go

@sinkingpoint
Bump go-kit to 0.12.0
3a7499f 
go-kit 0.11.0 has a dependency on github.com/dgrijalva/jwt-go which has
a few vulns. Namely dgrijalva/jwt-go#428.
go-kit switched to the properly maintained fork in
go-kit/kit#1026 so this commit bumps up to
0.12.0 in order to pick up that change and remove the dependency on the
  vulnerable lib

Signed-off-by: Colin Douch <iam@colindou.ch>
@codecov
Copy link

codecov bot commented May 25, 2022

Codecov Report

Merging #3699 (3a7499f) into main (f2c6bda) will increase coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #3699      +/-   ##
==========================================
+ Coverage   97.34%   97.35%   +0.01%     
==========================================
  Files         268      268              
  Lines       15745    15745              
==========================================
+ Hits        15327    15329       +2     
+ Misses        330      328       -2     
  Partials       88       88
Impacted Files Coverage Δ
pkg/config/tlscfg/cert_watcher.go 94.73% <0.00%> (+2.10%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f9992f7...3a7499f. Read the comment docs.

@sinkingpoint sinkingpoint marked this pull request as ready for review May 25, 2022 16:08
@sinkingpoint sinkingpoint requested a review from a team as a code owner May 25, 2022 16:08
@yurishkuro
Copy link
Member

please resubmit the PR from a non-main branch in your fork, otherwise it would not pass the CI

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pavolloffay pavolloffay Awaiting requested review from pavolloffay pavolloffay is a code owner automatically assigned from jaegertracing/jaeger-maintainers

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sinkingpoint @yurishkuro