Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update fasthttp dependency from v1.50.0 to v1.52.0 #477

Closed

Conversation

ddouglas
Copy link
Contributor

PR to address a security issue in v1.50.0 of fasthttp where a private key was included in the version

Issue #, if available:

Description of changes:
Bump version of fasthttp from v1.50.0 => v1.57.0

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

…y vulnerability in v1.50.0

swcap[#time 3m0s #project 0 #wt 9]
@ddouglas ddouglas requested a review from a team as a code owner October 29, 2024 19:37
@vastin
Copy link
Contributor

vastin commented Oct 29, 2024

Thanks for contributing PR to fix the security issue. The PR checks get some failures and it blocks the PR merge. Would you please help update the PR to fix the failures?

swcap[#time 1m0s #project 0 #wt 9]
swcap[#time 5m0s #project 0 #wt 9]
@ddouglas
Copy link
Contributor Author

@vastin Can you approve the new runs?

I was able to test this locally and they are passing

make test                                                                                                                                            
go test -cover `go list ./... | grep -v vendor`
?       github.com/aws/aws-xray-sdk-go/awsplugins/beanstalk     [no test files]
?       github.com/aws/aws-xray-sdk-go/awsplugins/ecs   [no test files]
ok      github.com/aws/aws-xray-sdk-go/awsplugins/ec2   (cached)        coverage: 44.2% of statements
ok      github.com/aws/aws-xray-sdk-go/daemoncfg        (cached)        coverage: 93.4% of statements
ok      github.com/aws/aws-xray-sdk-go/header   (cached)        coverage: 88.9% of statements
?       github.com/aws/aws-xray-sdk-go/internal/plugins [no test files]
?       github.com/aws/aws-xray-sdk-go/resources        [no test files]
?       github.com/aws/aws-xray-sdk-go/utils    [no test files]
?       github.com/aws/aws-xray-sdk-go/xraylog  [no test files]
ok      github.com/aws/aws-xray-sdk-go/instrumentation/awsv2    6.695s  coverage: 93.8% of statements
ok      github.com/aws/aws-xray-sdk-go/internal/logger  (cached)        coverage: 58.3% of statements
ok      github.com/aws/aws-xray-sdk-go/lambda   (cached)        coverage: 75.0% of statements
ok      github.com/aws/aws-xray-sdk-go/pattern  (cached)        coverage: 100.0% of statements
ok      github.com/aws/aws-xray-sdk-go/strategy/ctxmissing      (cached)        coverage: 100.0% of statements
ok      github.com/aws/aws-xray-sdk-go/strategy/exception       (cached)        coverage: 96.6% of statements
ok      github.com/aws/aws-xray-sdk-go/strategy/sampling        (cached)        coverage: 83.3% of statements
ok      github.com/aws/aws-xray-sdk-go/xray     72.108s coverage: 68.1% of statements

swcap[#time 5m0s #project 0 #wt 9]
@ddouglas
Copy link
Contributor Author

Apologies @vastin, I still used go1.23 locally. I installed 1.20 locally and ensured the go.mod file is valid for that version of go.

@vastin
Copy link
Contributor

vastin commented Oct 30, 2024

Hi ddouglas, thank you for the effort. Please run test with go 1.19 and go 1.20 which are required in PR checks.

swcap[#time 1m0s #project 0 #wt 9]
@ddouglas ddouglas changed the title update fasthttp dependency from v1.50.0 to v1.57.0 update fasthttp dependency from v1.50.0 to v1.52.0 Oct 31, 2024
@ddouglas
Copy link
Contributor Author

I reran the tests locally in docker. I had to make some changes to the go.mod file, but this should be correct now.

@ddouglas ddouglas closed this Oct 31, 2024
@bjrara
Copy link

bjrara commented Nov 12, 2024

For tracking purpose, the PR is closed in favor of #478

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants