New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
github.com/golang/protobuf/proto was deprecated #1136
Comments
I'd just like to bump this issue! We're seeing some security vulns from this package related to I think this would also involve updating DataDog/sketches-go to 1.3.0. This means #1051 would need to be merged first. |
#1051 is now merged, we'll bump protobuf in a moment 🙌 |
Any update on this? the deprecated protobuf module is still in go.mod |
Hi, seems like the deprecated libraries are still here. Any update as to when the fix will be pushed out? Seeing the following vulnerabilities:
@dianashevchenko fyi |
We use https://github.com/DataDog/dd-trace-go/blob/main/SECURITY.md#reporting-a-vulnerability However, if the tool has missed any vulnerabilities that you feel could affect customers, please file a support ticket so we can address that quickly. |
As far as upgrading github.com/golang/protobuf/proto, we are actively looking into that and will loop back around soon. |
Just jumping in real quick - We’re looking into right now and it seems that since we support an older version of one of the grpc libraries, we’re unable to remove the dependency right away without looking into some alternatives. Rest assured we are looking into it and will continue to keep you updated. |
The library github.com/golang/protobuf/proto was deprecated over a year ago.
The new home is google.golang.org/protobuf/proto
Also, "github.com/golang/protobuf/jsonpb" has been deprecated by "google.golang.org/protobuf/encoding/protojson"
I have updated quite a few repos recently and I'll try to get a PR to you soon.
The text was updated successfully, but these errors were encountered: