Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update (test) dependencies #2021

Merged
merged 2 commits into from Nov 10, 2021
Merged

update (test) dependencies #2021

merged 2 commits into from Nov 10, 2021

Conversation

aldas
Copy link
Contributor

@aldas aldas commented Nov 5, 2021

We still use github.com/stretchr/testify@v1.4.0 which in turns uses gopkg.in/yaml.v2@v2.2.2 which has problems

fixes #2020

use 1.14 for choosing updated deps. Using current tip (1.17) will cause tests fail as some packages are not supporting 1.14.
`docker run --rm -it -v $(pwd):/project golang:1.14 /bin/sh -c "cd /project && go get ./... && go mod tidy"`
@aldas aldas requested a review from lammel November 5, 2021 09:17
@aldas aldas merged commit 0c4ad86 into labstack:master Nov 10, 2021
@ilteoood
Copy link

ilteoood commented Jan 2, 2022

Hi @aldas,
do you know when this fix will be published?

@aldas
Copy link
Contributor Author

aldas commented Jan 2, 2022

I'll tag a new version by Wednesday

@ilteoood
Copy link

ilteoood commented Jan 7, 2022

Hi @aldas, any news about this?

@aldas
Copy link
Contributor Author

aldas commented Jan 8, 2022

I tagged 4.6.2 including this PR. I wanted to wait to get some other PRs in but these reviews take time.

@aldas aldas deleted the update_deps branch July 12, 2022 19:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

CVE embedded via testify@v1.4.0 -> gopkg.in/yaml.v2 dependencies
2 participants