Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bump kataras/iris/v12 to current beta release to resolve CVE-2021-23772 #439

Closed

Conversation

catkins
Copy link

@catkins catkins commented May 12, 2022

As part of our migration to Sentry, we've been updating our internal Go libraries to use sentry-go. Our Snyk CI pinged us with a couple of CVEs, listed in #438

By bumping iris to the latest beta release, and running go mod tidy (Which cleared out the coreos/etcd dependencies from the go.sum) this should clear out the high severity CVEs.

See: https://app.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMKATARASIRISV12-2325170

@catkins
Copy link
Author

catkins commented May 12, 2022

cc/ @cweerasooriya

@kamilogorek
Copy link
Contributor

Thanks for the contribution. Would you mind taking look at broken checks?

@stanhu
Copy link
Contributor

stanhu commented Aug 5, 2022

I've attempted to do the same in #462.

@kamilogorek
Copy link
Contributor

Fixed in #462

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants