Deps: security issues

Open adaosantos opened this issue 7 months ago • 1 comments

Hi everyone, how are you doing? I've noticed that many packages we're using are on old versions, but to update them we'll also need to upgrade the Go version, since many current packages are only compatible with Go version 1.23 or higher. I'll open a pull request per package, trying to focus on the simpler ones first so we can get everything up to date. It's worth remembering that many packages have numerous bug fixes and also security vulnerability patches. Just in fxcore alone we have 3 documented security vulnerabilities.

Do you think it's worth opening an issue for each package?

adaosantos avatar Sep 17 '25 17:09 adaosantos

Hello, thanks for raising this 👍

Using Yokai still leaves you owner of your go.mod, so you can upgrade deps in your applications, even if Yokai modules have older deps. It's what we do for our apps, we run on 1.24 with sub libs up to date.

We plan to make a pass soon on all modules, I'll keep you posted here once done.

ekkinox avatar Sep 18 '25 10:09 ekkinox