feat: max_idle_conn_time #605
I guess the only thing missing is updating ory/x to v0.0.242 and it should work?
Yep, and also updating the doc. I plan to do it tomorrow.
I've updated the dependency and also, it appears that the related docs are not in this repo but in ory/docs. So this should be ready for a review.
Hm, the failing CI is caused by some vulnerable outdated deep-dependency introduced in this PR. How should we handle that @aeneasr? When using trivy instead of nancy, I find other vulnerabilities...
If the PR fails sec vuln scanning due to changes it should be fixed in the PR IMO
For unfound dependencies (e.g. trivy) these should be addressed in the PR that adds the scanner :)
So, to my understanding the vulnerabilities are caused by this package alone: However So what should I do here to fix the vuln?
The only way I know of that gives you those dependencies is https://github.com/Helcaraxan/gomod
So, I've finally been able to fix the vuln dependency. I tried for more than one hour to make So, what I've done is that I've rolled back my changes on go.mod to master, downloaded all the dependencies and cleaned my cache. Then I've re-updated We should be good to go now 😄
Awesome, thank you so much! :)
Related issue
This PR is related to #523
Proposed changes
This PR uses the new sql database flag max_idle_conn_time to allow configuration of https://golang.org/pkg/database/sql/#DB.SetConnMaxIdleTime
Checklist
vulnerability. If this pull request addresses a security vulnerability, I confirm that I got green light (please contact [email protected]) from the maintainers to push the changes.
works.
Further comments
This PR is currently a draft as it needs the merge of ory/x#346
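As an added illustration (not code from this PR or from ory/x): one way a max_idle_conn_time option can be parsed and handed to DB.SetConnMaxIdleTime. It assumes the option arrives as a DSN query parameter holding a Go duration string; SplitIdleConnTime, Apply and the sample DSN are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"time"
)

// idleTimeSetter is the one *sql.DB method this example needs (Go 1.15+).
type idleTimeSetter interface {
	SetConnMaxIdleTime(d time.Duration)
}

// SplitIdleConnTime (hypothetical helper) removes max_idle_conn_time from the
// DSN query string and returns the cleaned DSN plus the parsed duration.
// Zero means "no idle limit", which is database/sql's default.
func SplitIdleConnTime(dsn string) (string, time.Duration, error) {
	u, err := url.Parse(dsn)
	if err != nil {
		// url.Error embeds the whole DSN, password included: do not wrap it.
		return "", 0, errors.New("dsn is not a valid URL")
	}
	q := u.Query()
	raw := q.Get("max_idle_conn_time")
	q.Del("max_idle_conn_time") // pool-only option, the driver must not see it
	u.RawQuery = q.Encode()
	if raw == "" {
		return u.String(), 0, nil
	}
	d, err := time.ParseDuration(raw)
	if err != nil {
		return "", 0, fmt.Errorf("max_idle_conn_time %q: %w", raw, err)
	}
	if d < 0 {
		return "", 0, fmt.Errorf("max_idle_conn_time %q: must not be negative", raw)
	}
	return u.String(), d, nil
}

// Apply configures the pool; *sql.DB satisfies idleTimeSetter.
func Apply(db idleTimeSetter, d time.Duration) { db.SetConnMaxIdleTime(d) }

func main() {
	// Constructed sample DSN, not taken from the page.
	dsn, d, err := SplitIdleConnTime("postgres://user:pw@db.example:5432/app?sslmode=disable&max_idle_conn_time=5m")
	fmt.Println(dsn, d, err)
}
```

Rejecting bad values at startup keeps a typo from silently leaving idle connections open without a limit.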