-
Notifications
You must be signed in to change notification settings - Fork 188
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
updated the deps to address cves #297
Conversation
My bad! Current commit only addresses CVE-2023-45142 and CVE-2024-24786 |
# Conflicts: # go.mod # go.sum
pushed the new commit to fix CVE-2023-47108 as well. We can squash all these commits before merging as well |
That is really great work, but a duplicate to #287 |
oh I wasn't aware of that PR. Thanks for pointing that our. Anyway, as long as any of PRs get merged to address the CVEs, I am happy. |
@njyeti, but a great work none the less. I hope to see more contributions in the future 😄 |
closing this as #287 is merged |
@njyeti, hey. If you don't mind to create a commit that only contains the deps, I would accept the PR. I realized that my PR doesn't have otel v0.46 and bumping it started to cause errors. Copy pasting your indirect deps worked fine though, so honor to whom honor is due, if you want to bump go for it! I would like to fix it within the next days, so if you don't respond, I hope you don't mind that I take over this PR. In that way I can make you contributor indirectly as a co-author. |
@ibihim it is just a simple fix, so if the copy paste is working, please go ahead with it. I will be more than happy if the community gets the vul fix. Hopefully, I can contribute in a significant scale in the future instead of just fixing the dependency :) |
updated the go deps to the latest to address CVEs mostly for the otel. Those CVEs are CVE-2023-47108, CVE-2023-45142 and CVE-2024-24786 on the head