Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

horizon: update go dependencies #5084

Merged
merged 8 commits into from
Oct 18, 2023
Merged

horizon: update go dependencies #5084

merged 8 commits into from
Oct 18, 2023

Conversation

tsachiherman
Copy link
Contributor

@tsachiherman tsachiherman commented Oct 17, 2023
edited
Loading

PR Checklist

PR Structure

  • This PR has reasonably narrow scope (if not, break it down into smaller PRs).
  • This PR avoids mixing refactoring changes with feature changes (split into two PRs
    otherwise).
  • This PR's title starts with name of package that is most changed in the PR, ex.
    services/friendbot, or all or doc if the changes are broad or impact many
    packages.

Thoroughness

  • This PR adds tests for the most critical parts of the new functionality or fixes.
  • I've updated any docs (developer docs, .md
    files, etc... affected by this change). Take a look in the docs folder for a given service,
    like this one.

Release planning

  • I've updated the relevant CHANGELOG (here for Horizon) if
    needed with deprecations, added features, breaking changes, and DB schema changes.
  • I've decided if this PR requires a new major/minor version according to
    semver, or if it's mainly a patch change. The PR is targeted at the next
    release branch if it's not a patch change.

What

This PR updates the dependencies of the go monorepo, updating some of the packages that are known to have vulnerabilities.

Why

Use latest packages to avoid known vulnerabilities, and in particular

Known limitations

n/a

@tsachiherman tsachiherman self-assigned this Oct 17, 2023
@tsachiherman tsachiherman marked this pull request as ready for review October 17, 2023 19:15
@tsachiherman tsachiherman requested a review from a team October 17, 2023 19:15
@tsachiherman tsachiherman enabled auto-merge (squash) October 17, 2023 21:03
@tsachiherman tsachiherman merged commit d50c63e into stellar:master Oct 18, 2023
36 checks passed
@tsachiherman tsachiherman deleted the tsachi/update_go_dependencies branch October 18, 2023 14:04
2opremio added a commit to 2opremio/go-2 that referenced this pull request Oct 23, 2023
@2opremio
Fix Go dependencies
7630451 
stellar#5084 broke go.mod becaue:

1. go mod tidy wasn't invoked before merging (we should probably enforce this is CI and make sure there are no diffs)
2. It ugraded github.com/creachadair/jrpc2 to 1.1.1 which requires Go 1.21 (breaking the two-Go-release compatibility guarantee we make)
@2opremio 2opremio mentioned this pull request Oct 23, 2023
Merged
2opremio added a commit that referenced this pull request Oct 23, 2023
@2opremio
Fix Go dependencies (#5088)
a3f37f4 
#5084 broke go.mod becaue:

1. go mod tidy wasn't invoked before merging (we should probably enforce this is CI and make sure there are no diffs)
2. It ugraded github.com/creachadair/jrpc2 to 1.1.1 which requires Go 1.21 (breaking the two-Go-release compatibility guarantee we make)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tamirms tamirms tamirms approved these changes

Assignees

@tsachiherman tsachiherman

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tsachiherman @tamirms