gin
Feature Request: More regular releases
Security fixes
The last release was 1 year ago and contains 3 CVEs:
| Library | Vulnerability | Severity |
|---|---|---|
| golang.org/x/crypto | CVE-2024-45337 | CRITICAL |
| golang.org/x/crypto | CVE-2025-22869 | HIGH |
| golang.org/x/net | CVE-2025-22870 | MEDIUM |
Can the current code be released to allow your users to upgrade and fix those?
Release process
Is there a process planned to release more regularly?
Review process
Are the Dependabot PRs being reviewed regularly? go.mod contains quite a few years of technical debt 😅
| Module | Required | Update | Old | New | Debt | Type |
|---|---|---|---|---|---|---|
| github.com/bytedance/sonic | v1.13.1 | v1.13.2 | 2025-03-07 | 2025-03-17 | 10 days | patch |
| github.com/gin-contrib/sse | v0.1.0 | v1.1.0 | 2019-06-02 | 2025-04-08 | 2137 days | major |
| github.com/go-playground/validator/v10 | v10.22.1 | v10.26.0 | 2024-09-09 | 2025-03-28 | 200 days | minor |
| github.com/goccy/go-json | v0.10.2 | v0.10.5 | 2023-03-19 | 2025-01-25 | 678 days | patch |
| github.com/pelletier/go-toml/v2 | v2.2.2 | v2.2.4 | 2024-04-29 | 2025-04-07 | 343 days | patch |
| github.com/quic-go/quic-go | v0.48.2 | v0.50.1 | 2024-11-26 | 2025-03-21 | 115 days | minor |
| github.com/stretchr/testify | v1.9.0 | v1.10.0 | 2024-02-29 | 2024-11-12 | 257 days | minor |
| golang.org/x/net | v0.37.0 | v0.39.0 | 2025-03-05 | 2025-04-07 | 33 days | minor |
| google.golang.org/protobuf | v1.34.1 | v1.34.2 | 2024-05-06 | 2024-06-11 | 36 days | patch |
| google.golang.org/protobuf | v1.34.1 | v1.36.6 | 2024-05-06 | 2025-03-24 | 322 days | minor |
| Technical Debt | Patch | Minor | Major |
```
go get github.com/bytedance/sonic@v1.13.2 # patch v1.13.1 (10 days)
go get github.com/gin-contrib/sse@v1.1.0 # major v0.1.0 (2137 days)
go get github.com/go-playground/validator/v10@v10.26.0 # minor v10.22.1 (200 days)
go get github.com/goccy/go-json@v0.10.5 # patch v0.10.2 (678 days)
go get github.com/pelletier/go-toml/v2@v2.2.4 # patch v2.2.2 (343 days)
go get github.com/quic-go/quic-go@v0.50.1 # minor v0.48.2 (115 days)
go get github.com/stretchr/testify@v1.10.0 # minor v1.9.0 (257 days)
go get golang.org/x/net@v0.39.0 # minor v0.37.0 (33 days)
go get google.golang.org/protobuf@v1.34.2 # patch v1.34.1 (36 days)
go get google.golang.org/protobuf@v1.36.6 # minor v1.34.1 (322 days)
go mod tidy
```
The last release happened a year ago. It'd be nice if we can get frequent releases, especially security/vulnerability fixes.
https://github.com/gin-gonic/gin/issues/4228
Thank you for merging some Dependabot updates, it looks much better now 👍
| Module | Required | Update | Old | New | Debt | Type |
|---|---|---|---|---|---|---|
| github.com/bytedance/sonic | v1.13.1 | v1.13.2 | 2025-03-07 | 2025-03-17 | 10 days | patch |
| github.com/goccy/go-json | v0.10.2 | v0.10.5 | 2023-03-19 | 2025-01-25 | 678 days | patch |
| github.com/pelletier/go-toml/v2 | v2.2.2 | v2.2.4 | 2024-04-29 | 2025-04-07 | 343 days | patch |
| golang.org/x/net | v0.38.0 | v0.39.0 | 2025-03-27 | 2025-04-07 | 11 days | minor |
| google.golang.org/protobuf | v1.34.1 | v1.34.2 | 2024-05-06 | 2024-06-11 | 36 days | patch |
| google.golang.org/protobuf | v1.34.1 | v1.36.6 | 2024-05-06 | 2025-03-24 | 322 days | minor |
| Technical Debt (4 years) | Patch | Minor | Total |
```
go get github.com/bytedance/sonic@v1.13.2 # patch v1.13.1 (10 days)
go get github.com/goccy/go-json@v0.10.5 # patch v0.10.2 (678 days)
go get github.com/pelletier/go-toml/v2@v2.2.4 # patch v2.2.2 (343 days)
go get golang.org/x/net@v0.39.0 # minor v0.38.0 (11 days)
go get google.golang.org/protobuf@v1.34.2 # patch v1.34.1 (36 days)
go get google.golang.org/protobuf@v1.36.6 # minor v1.34.1 (322 days)
go mod tidy # Debt: Patch 1,067 days (3 years). Minor 333 days (1 years). Total 1,364 days (4 years).
```
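
The Debt and Type columns in the tables in this thread can be recomputed from the output of `go list -m -u -json all`, which reports each module's release time alongside that of its available update. The Go program below is an added example, not part of the issue or the tool that produced those tables; it assumes Debt is the gap between the two release dates, and `module`, `bumpKind`, `outdated` and the sample input are names and data constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
	"time"
)

// module holds the `go list -m -u -json all` fields used here, plus two computed ones.
type module struct {
	Path, Version string
	Time          *time.Time
	Update        *module
	Kind          string `json:"-"` // major, minor or patch
	Days          int    `json:"-"` // release-date gap between required version and update
}

const sample = `{"Path":"github.com/gin-contrib/sse","Version":"v0.1.0","Time":"2019-06-02T00:00:00Z","Update":{"Version":"v1.1.0","Time":"2025-04-08T00:00:00Z"}}
{"Path":"example.test/current","Version":"v1.0.0","Time":"2024-01-01T00:00:00Z"}` // constructed input, not captured output

// bumpKind names the first semver component that differs between two versions.
func bumpKind(old, upd string) string {
	o, n := strings.Split(old, "."), strings.Split(upd, ".")
	for i, kind := range []string{"major", "minor"} {
		if i < len(o) && i < len(n) && o[i] != n[i] {
			return kind
		}
	}
	return "patch"
}

// outdated decodes the concatenated JSON objects and keeps modules that have an update;
// rows decoded before a malformed object are returned together with the error.
func outdated(r io.Reader) (rows []module, err error) {
	for dec := json.NewDecoder(r); err == nil && dec.More(); {
		var m module
		err = dec.Decode(&m)
		if u := m.Update; err == nil && u != nil && m.Time != nil && u.Time != nil {
			m.Kind, m.Days = bumpKind(m.Version, u.Version), int(u.Time.Sub(*m.Time).Hours()/24)
			rows = append(rows, m)
		}
	}
	return rows, err
}

func main() {
	rows, _ := outdated(strings.NewReader(sample)) // pass os.Stdin to read real `go list` output
	for _, m := range rows {
		fmt.Println(m.Path, m.Version, "->", m.Update.Version, m.Kind, m.Days, "days")
	}
}
```

Modules with no pending update carry no `Update` object and are skipped, so only rows that represent debt are returned.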