
dependencies versions should be upgraded to address security vulnerabilities

Open IF034Java opened this issue 3 years ago • 4 comments

Are there any plans to release a newer version of zipkin-go-opentracing with upgraded dependencies? Veracode reports at least two vulnerabilities in the underlying dependencies, see gomega and protobuf.

IF034Java avatar Jul 16 '21 22:07 IF034Java

Zipkin is a volunteering project, so would you mind opening a PR with such upgrades?

On Sat, 17 Jul 2021, 00:09 IF034Java wrote:

Is there any plans to release newer version of the zipkin-go-opentracing with upgraded dependencies? The Veracode reports at least two vulnerabilities in the underlying dependencies see gomega https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/github-com-onsi-gomega/GO/GO/lid-886825/versions/v1.4.3 and protobuf https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/github-com-gogo-protobuf/GO/GO/lid-885410/versions/v1.2.0


jcchavezs avatar Jul 16 '21 22:07 jcchavezs

@jcchavezs I was trying to push my local branch but received the error "Permission to openzipkin-contrib/zipkin-go-opentracing.git denied to IF034Java". Do I need any specific permissions to contribute to the zipkin-go-opentracing project?

IF034Java avatar Jul 19 '21 18:07 IF034Java

@IF034Java no you don't need special permissions to contribute, but you can't add branches directly to this repo. That indeed is reserved for maintainers only.

Make a fork of this repo on your own GitHub account and then push your updates to a branch there. Then you can create the pull request from your fork to this repo.

Thanks for helping out!

basvanbeek avatar Jul 19 '21 18:07 basvanbeek

@jcchavezs @basvanbeek A PR has been created to address the protobuf issue, see here.

IF034Java avatar Jul 19 '21 20:07 IF034Java

Bump

adrianosela avatar Oct 11 '22 16:10 adrianosela

A new release has been cut with zipkin-go v0.4.1 and opentracing-go v1.2.0.

basvanbeek avatar Oct 11 '22 19:10 basvanbeek
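One thing a consumer of the new release will want is a quick way to confirm that their own module actually resolves to the dependency versions the release note above names, rather than an older pin still sitting in go.mod. The following script is an added example and not part of this thread or of the zipkin-go-opentracing project: the go.mod text is constructed sample data, the version floors are taken from the release note (zipkin-go v0.4.1, opentracing-go v1.2.0), and the function names (`semver_ge`, `required_version`, `check_min_versions`) are this example's own. It compares each `require` line against the floor and returns the number of modules that are missing or too old, so it can gate a CI job.

```shell
#!/bin/sh
# Constructed go.mod fragment for the example (not the project's real go.mod).
# opentracing-go is deliberately pinned below the v1.2.0 named in the release note.
GOMOD_SAMPLE='module example.com/app

go 1.18

require (
	github.com/openzipkin/zipkin-go v0.4.1
	github.com/opentracing/opentracing-go v1.1.0
)
'

# Minimum versions, one "module version" pair per line, from the release note above.
MIN_VERSIONS='github.com/openzipkin/zipkin-go v0.4.1
github.com/opentracing/opentracing-go v1.2.0'

# semver_ge A B: exit 0 when A >= B, comparing major.minor.patch numerically.
# Pre-release suffixes and Go pseudo-versions are not handled in this example.
semver_ge() {
    awk -v a="${1#v}" -v b="${2#v}" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            ai = (i <= n) ? x[i] + 0 : 0
            bi = (i <= m) ? y[i] + 0 : 0
            if (ai > bi) exit 0
            if (ai < bi) exit 1
        }
        exit 0
    }'
}

# required_version MODULE GOMOD_TEXT: print the version pinned for MODULE,
# handling both "require mod vX" and lines inside a "require ( ... )" block.
required_version() {
    printf '%s\n' "$2" | awk -v mod="$1" '
        $1 == mod                     { print $2; exit }
        $1 == "require" && $2 == mod  { print $3; exit }'
}

# check_min_versions GOMOD_TEXT: report each floor and return the failure count
# (0 means every module is present and at or above its minimum).
check_min_versions() {
    failures=0
    while read -r mod min; do
        [ -n "$mod" ] || continue
        have=$(required_version "$mod" "$1")
        if [ -z "$have" ]; then
            echo "MISSING $mod (no require line; floor is $min)"
            failures=$((failures + 1))
        elif semver_ge "$have" "$min"; then
            echo "OK      $mod $have (>= $min)"
        else
            echo "BELOW   $mod $have (< $min)"
            failures=$((failures + 1))
        fi
    done <<EOF
$MIN_VERSIONS
EOF
    return $failures
}

# Stand-alone run against the constructed go.mod: reports one BELOW entry.
if check_min_versions "$GOMOD_SAMPLE"; then
    echo "all dependency floors met"
else
    echo "dependency floors not met; run 'go get <module>@<version> && go mod tidy'"
fi
```

A floor check like this only proves that go.mod asks for the fixed versions; it does not tell you whether a vulnerable function is actually reachable from your code. For that, run `govulncheck ./...` (from golang.org/x/vuln) against the module after the upgrade, which is the check a reviewer would expect alongside the version bump.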