Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update additional Go dependencies #12401

Merged
merged 1 commit into from
Feb 21, 2023
Merged

Update additional Go dependencies #12401

merged 1 commit into from
Feb 21, 2023

Conversation

dbussink
Copy link
Contributor

Dependabot does pick up these go.mod files but somehow fails to open PRs for them to update things that are vulnerable. So doing it manually here.

Related Issue(s)

https://github.com/vitessio/vitess/security/dependabot/314

Checklist

  • "Backport to:" labels have been added if this change should be back-ported
  • Tests were added or are not required
  • Documentation was added or is not required

@dbussink
Update additional Go dependencies
cd9b2a4 
Dependabot does pick up these go.mod files but somehow fails to open PRs
for them to update things that are vulnerable. So doing it manually
here.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
@vitess-bot vitess-bot bot added NeedsDescriptionUpdate The description is not clear or comprehensive enough, and needs work NeedsWebsiteDocsUpdate What it says labels Feb 21, 2023
@vitess-bot
Copy link
Contributor

vitess-bot bot commented Feb 21, 2023

Review Checklist

Hello reviewers! 👋 Please follow this checklist when reviewing this Pull Request.

General

  • Ensure that the Pull Request has a descriptive title.
  • If this is a change that users need to know about, please apply the release notes (needs details) label so that merging is blocked unless the summary release notes document is included.
  • If a test is added or modified, there should be a documentation on top of the test to explain what the expected behavior is what the test does.

If a new flag is being introduced:

  • Is it really necessary to add this flag?
  • Flag names should be clear and intuitive (as far as possible)
  • Help text should be descriptive.
  • Flag names should use dashes (-) as word separators rather than underscores (_).

If a workflow is added or modified:

  • Each item in Jobs should be named in order to mark it as required.
  • If the workflow should be required, the maintainer team should be notified.

Bug fixes

  • There should be at least one unit or end-to-end test.
  • The Pull Request description should include a link to an issue that describes the bug.

Non-trivial changes

  • There should be some code comments as to why things are implemented the way they are.

New/Existing features

  • Should be documented, either by modifying the existing documentation or creating new documentation.
  • New features should have a link to a feature request issue or an RFC that documents the use cases, corner cases and test cases.

Backward compatibility

  • Protobuf changes should be wire-compatible.
  • Changes to _vt tables and RPCs need to be backward compatible.
  • vtctl command output order should be stable and awk-able.
  • RPC changes should be compatible with vitess-operator
  • If a flag is removed, then it should also be removed from VTop, if used there.

@frouioui frouioui added Backport to: release-15.0 Component: Build/CI and removed NeedsDescriptionUpdate The description is not clear or comprehensive enough, and needs work NeedsWebsiteDocsUpdate What it says labels Feb 21, 2023
@dbussink dbussink merged commit c59ba65 into vitessio:main Feb 21, 2023
@dbussink dbussink deleted the dbussink/update-additional-subdir-go-deps branch February 21, 2023 13:00
@vitess-bot vitess-bot bot mentioned this pull request Feb 21, 2023
Merged
@vitess-bot
Copy link
Contributor

vitess-bot bot commented Feb 21, 2023

I was unable to backport this Pull Request to the following branches: release-14.0, release-15.0.

dbussink added a commit to planetscale/vitess that referenced this pull request Feb 21, 2023
@dbussink
Fix another mixin dep
771280b 
Dependabot is still warning about this one and missed this in vitessio#12401

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
@dbussink dbussink mentioned this pull request Feb 21, 2023
Merged
3 tasks
dbussink added a commit that referenced this pull request Feb 21, 2023
@dbussink
Fix another mixin dep (#12403)
ddad7d7 
Dependabot is still warning about this one and missed this in #12401

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rohit-nayak-ps rohit-nayak-ps rohit-nayak-ps approved these changes

@frouioui frouioui frouioui approved these changes

@ajm188 ajm188 Awaiting requested review from ajm188 ajm188 is a code owner

@deepthi deepthi Awaiting requested review from deepthi deepthi is a code owner

@harshit-gangal harshit-gangal Awaiting requested review from harshit-gangal harshit-gangal is a code owner

@mattlord mattlord Awaiting requested review from mattlord mattlord is a code owner

@systay systay Awaiting requested review from systay systay is a code owner

Assignees
No one assigned
Labels
Component: Build/CI Type: CI/Build Type: Dependencies Dependency updates
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dbussink @frouioui @rohit-nayak-ps