Skip to content

Commit a258a44

Browse files
odeke-emodeke-em
committed
go.mod: upgrade dependencies and rid vulnerable thrift [email protected]
Coming here, after digging through google/exposure-notifications-server#749 in which the version of github.com/apache/thrift was reported by @whaber as having known critical vulnerabilities. Transitively however, this version was pinning to cloud.google.com/[email protected] indirectly, which then imported versions of opencensus: * [email protected]. * [email protected] that imported github.com/apache/[email protected] The target package to upgrade was github.com/denisenkom/go-mssqldb v0.0.0-20200620013148-b91950f658ec which now uses cloud.google.com/[email protected]
1 parent f34bc2c commit a258a44

File tree

2 files changed

+74
-58
lines changed

2 files changed

+74
-58
lines changed

go.mod

Lines changed: 12 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,17 @@
11
module github.com/golang-migrate/migrate/v4
22

33
require (
4-
cloud.google.com/go/spanner v1.6.0
5-
cloud.google.com/go/storage v1.8.0
4+
cloud.google.com/go v0.61.0 // indirect
5+
cloud.google.com/go/spanner v1.8.0
6+
cloud.google.com/go/storage v1.10.0
67
github.com/ClickHouse/clickhouse-go v1.3.12
78
github.com/Microsoft/go-winio v0.4.14 // indirect
89
github.com/aws/aws-sdk-go v1.17.7
910
github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932 // indirect
1011
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
1112
github.com/cockroachdb/cockroach-go v0.0.0-20190925194419-606b3d062051
1213
github.com/cznic/mathutil v0.0.0-20180504122225-ca4c9f2c1369 // indirect
13-
github.com/denisenkom/go-mssqldb v0.0.0-20190515213511-eb9f6a1743f3
14+
github.com/denisenkom/go-mssqldb v0.0.0-20200620013148-b91950f658ec
1415
github.com/dhui/dktest v0.3.2
1516
github.com/docker/distribution v2.7.1+incompatible // indirect
1617
github.com/docker/docker v1.4.2-0.20200213202729-31a86c4ab209
@@ -22,6 +23,7 @@ require (
2223
github.com/gocql/gocql v0.0.0-20190301043612-f6df8288f9b4
2324
github.com/gogo/protobuf v1.3.1 // indirect
2425
github.com/golang/snappy v0.0.1 // indirect
26+
github.com/google/go-cmp v0.5.1 // indirect
2527
github.com/google/go-github v17.0.0+incompatible
2628
github.com/gorilla/mux v1.7.4 // indirect
2729
github.com/hashicorp/go-multierror v1.1.0
@@ -40,10 +42,13 @@ require (
4042
github.com/xdg/stringprep v1.0.0 // indirect
4143
gitlab.com/nyarla/go-crypt v0.0.0-20160106005555-d9a5dc2b789b // indirect
4244
go.mongodb.org/mongo-driver v1.1.0
43-
golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2
44-
golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375
45-
google.golang.org/api v0.25.0
46-
google.golang.org/genproto v0.0.0-20200526151428-9bb895338b15
45+
golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899 // indirect
46+
golang.org/x/net v0.0.0-20200707034311-ab3426394381
47+
golang.org/x/sys v0.0.0-20200724161237-0e2f3a69832c // indirect
48+
golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect
49+
golang.org/x/tools v0.0.0-20200725200936-102e7d357031
50+
google.golang.org/api v0.29.0
51+
google.golang.org/genproto v0.0.0-20200726014623-da3ae01ef02d
4752
modernc.org/b v1.0.0 // indirect
4853
modernc.org/db v1.0.0 // indirect
4954
modernc.org/file v1.0.0 // indirect

0 commit comments

Comments
 (0)