Skip to content

Upgrade dependencies#36

Merged
dfangl merged 1 commit into
localstackfrom
upgrade-dependencies
Dec 17, 2024
Merged

Upgrade dependencies#36
dfangl merged 1 commit into
localstackfrom
upgrade-dependencies

Conversation

@dfangl

@dfangl dfangl commented Dec 12, 2024

Copy link
Copy Markdown
Member

Motivation

golang.org/x/net v0.18.0 has a moderate CVE reported which some customer tooling reports as high: https://avd.aquasec.com/nvd/2023/cve-2023-45288/ , GHSA-4v7x-pqxf-cx7m

Updating the xray daemon dependency also upgrades golang.org/x/net.

Related to localstack/localstack#12011

Changes

  • Upgrade github.com/aws/aws-xray-daemon and its dependencies
  • No behavioral changes expected
@dfangl dfangl requested a review from joe4dev December 12, 2024 14:55
@dfangl dfangl merged commit 0b2b5be into localstack Dec 17, 2024
@dfangl dfangl deleted the upgrade-dependencies branch December 17, 2024 15:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants