Skip to content

Upgrade xray dependency and transitive dependencies#37

Merged
dfangl merged 1 commit into
localstackfrom
upgrade-xray-dependencies
Feb 26, 2025
Merged

Upgrade xray dependency and transitive dependencies#37
dfangl merged 1 commit into
localstackfrom
upgrade-xray-dependencies

Conversation

@dfangl

@dfangl dfangl commented Feb 25, 2025

Copy link
Copy Markdown
Member

Motivation

Recent security scans tag the golang.org/x/net vulnerability CVE-2024-45338 in our lambda init.

This change updates the xray dependency, including the transitive dependency golang.org/x/net to 0.33.0 which resolves those vulnerabilities.

Steps to upgrade (for future me):

go get -u github.com/aws/aws-xray-daemon@master

Changes

  • Upgrade github.com/aws/aws-xray-daemon
@dfangl dfangl self-assigned this Feb 25, 2025
@dfangl dfangl requested review from gregfurman and joe4dev February 25, 2025 16:12
@dfangl dfangl merged commit cf26b43 into localstack Feb 26, 2025
@dfangl dfangl deleted the upgrade-xray-dependencies branch February 26, 2025 09:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants