confluent-kafka-go

Update Deps with High Security Alerts

Open frankgreco opened this issue 1 year ago • 6 comments

Description

There are some high security alerts that originate from deps in this package.

How to reproduce

You can generate this report with Snyk.

[Image: Screenshot 2023-10-16 at 5 20 03 PM]

Checklist

Please provide the following information:

  • [x] confluent-kafka-go and librdkafka version (LibraryVersion(v2.2.0)):
  • [ ] Apache Kafka broker version:
  • [ ] Client configuration: ConfigMap{...}
  • [ ] Operating system:
  • [ ] Provide client logs (with "debug": ".." as necessary)
  • [ ] Provide broker log excerpts
  • [ ] Critical issue

frankgreco, Oct 16 '23 21:10

@emasab (finding a random contributor to ping) since this is security related, could we prioritize this?

frankgreco, Oct 20 '23 18:10

Friendly bump on this.

frankgreco, Jan 02 '24 15:01

Bump

frankgreco, Jan 12 '24 15:01

Going to update a bunch of dependencies in the next release, will look into updating these with them.

milindl, Feb 13 '24 12:02

@milindl any idea on when this next release is going to be?

frankgreco, Apr 30 '24 16:04

It should be there this week, we've tested the RC out.

milindl, May 07 '24 12:05

@milindl Can you please close this out?

janjwerner-confluent, Aug 05 '24 16:08

Yep, this is done as the release is out.

milindl, Aug 06 '24 06:08