
Update labkit version to address a downstream security vulnerability

Changzheng Liu requested to merge 77-gorilla-websocket-update into main

Update gorilla/websocket version to v1.4.1 to address a vulnerability. Below is the dependency chain:

labkit -> sentry -> kataras/iris -> kataras/neffos -> gorilla/websocket

Below are the steps that I took:

  • Changed the labkit version to v1.3.1
  • Ran go mod tidy to update the dependencies
  • Got an error in the pipeline tests which was caused by the aws-sdk-go module
    • Verified that some of the downstream modules of labkit-v1.3.1 needed the new aws-sdk-go v1.27.0 by a series of go mod graph | grep <mod name> commands.
    • Updated the test based on !107 (comment 563126294)

Closes #77

Edited by Changzheng Liu
