Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove gorilla/websocket replace directive once it's not needed #2931

Closed
2 tasks
ptrus opened this issue May 21, 2020 · 1 comment
Closed
2 tasks

Remove gorilla/websocket replace directive once it's not needed #2931

ptrus opened this issue May 21, 2020 · 1 comment
Labels
c:deps Category: external dependencies s:blocked Status: blocked on other work

Comments

@ptrus
Copy link
Member

ptrus commented May 21, 2020

Remove the gorilla/websocket replace directive once it's not needed anymore.

  • Once spf13/cobra version with bumped dependencies is released (Vulnerability in downstream library: gorilla/websocket spf13/cobra#1091) we can replace the directive with a spf13/cobra replace.

  • Once tendermint doesn't depend on a version of spf13/cobra with gorilla/websocket@1.4.0, the replace directive can be removed. At this point also remove the ignored vulnerability in .nancy-ignore.
@ptrus ptrus added the c:deps Category: external dependencies label May 21, 2020
This was referenced May 21, 2020
Merged
Closed
@ptrus ptrus added the s:blocked Status: blocked on other work label May 21, 2020
@Yawning
Copy link
Contributor

Yawning commented Dec 16, 2021

The replace directive is long gone, and go.sum no longer references gorilla/websocket@1.4.0

@Yawning Yawning closed this as completed Dec 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
c:deps Category: external dependencies s:blocked Status: blocked on other work
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Yawning @ptrus