sentry-go

bump kataras/iris/v12 to current beta release to resolve CVE-2021-23772

Open catkins opened this issue 3 years ago • 3 comments

As part of our migration to Sentry, we've been updating our internal Go libraries to use sentry-go. Our Snyk CI pinged us with a couple of CVEs, listed in #438.

By bumping iris to the latest beta release and running go mod tidy (which cleared out the coreos/etcd dependencies from the go.sum), this should clear out the high severity CVEs.

See: https://app.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMKATARASIRISV12-2325170

catkins avatar May 12 '22 00:05 catkins

cc/ @cweerasooriya

catkins avatar May 12 '22 00:05 catkins

Thanks for the contribution. Would you mind taking a look at the broken checks?

kamilogorek avatar May 12 '22 06:05 kamilogorek

I've attempted to do the same in #462.

stanhu avatar Aug 05 '22 15:08 stanhu

Fixed in https://github.com/getsentry/sentry-go/pull/462

kamilogorek avatar Aug 16 '22 15:08 kamilogorek