New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
security: up dependencies to fix security vulnerabilities #3390
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Going to let this sit until closer to code freeze ~May 28th, as this should be part of the release process. |
Signed-off-by: Bernd Verst <github@bernd.dev>
Signed-off-by: Bernd Verst <github@bernd.dev>
If you don't want something merged you should make it a draft PR @sicoyle |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When you imported dapr/dapr
1.13.2 into certification tests it seems that a method signature has changed in Dapr runtime (happens often). You need to update all cert test with the method changes.
After some examination it seems the errors are related to tracing changes. Please resolve this to get this PR merged. Thanks!
Error is this
Error: /home/runner/go/pkg/mod/github.com/dapr/dapr@v1.13.2/pkg/runtime/hotreload/loader/disk/resource.go:33:21: not enough type arguments for type Batcher: have 1, want 2
Error: /home/runner/go/pkg/mod/github.com/dapr/dapr@v1.13.2/pkg/runtime/hotreload/loader/disk/resource.go:48:31: cannot infer T (/home/runner/go/pkg/mod/github.com/dapr/kit@v0.13.1-0.20240402103809-0c7cfce53d9e/events/batcher/batcher.go:50:24)```
Description
Dapr has a few vulnerabilities that we should address from a security perspective by upping our dependency versions 👇
Also update test go modules as those should be kept current with regular code depenencies.
Issue reference
We strive to have all PR being opened based on an issue, where the problem or feature have been discussed prior to implementation.
Please reference the issue this PR will close: #[issue number]
Checklist
Please make sure you've completed the relevant tasks for this PR, out of the following list: