Skip to content

build: update go-pretty v6 #6295

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 1, 2022
Merged

build: update go-pretty v6 #6295

merged 1 commit into from
Mar 1, 2022

Conversation

Roasbeef
Copy link
Member

In this commit we update go-pretty to use the latest v6 version of the
library. The existing version we used had a reported vulnerability.
Updating to this newest version also helped to shrink our set of
indirect dependencies.

In the future we can use
#5870 to detect/flag these
issues automatically.

Also FWIW we only use this library when printing out a nice table
on the CLI to track path finding attempts.

Fixes #6293

@Roasbeef Roasbeef added golang/build system Related to the go language and compiler security General label for issues/PRs related to the security of the software labels Feb 24, 2022
@Roasbeef Roasbeef added this to the v0.15.0 milestone Feb 24, 2022
@Roasbeef Roasbeef mentioned this pull request Feb 24, 2022
Closed
guggero
guggero approved these changes Feb 25, 2022
View reviewed changes
Copy link
Collaborator

@guggero guggero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tACK, LGTM 🌮

@guggero
Copy link
Collaborator

guggero commented Feb 25, 2022

Is this release notes worthy or do you want to add the [skip ci] suffix?

@Roasbeef
build: update go-pretty v6 [skip ci]
4a15de0 
In this commit we update go-pretty to use the latest v6 version of the
library. The existing version we used had a reported vulnerability.
Updating to this newest version also helped to shrink our set of
indirect dependencies.

In the future we can use
lightningnetwork#5870 to detect/flag these
issues automatically.

Fixes lightningnetwork#6293
@Roasbeef Roasbeef merged commit 28389fe into lightningnetwork:master Mar 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@guggero guggero guggero approved these changes

Assignees
No one assigned
Labels
golang/build system Related to the go language and compiler security General label for issues/PRs related to the security of the software
Projects
None yet
Milestone
v0.15.0
Development

Successfully merging this pull request may close these issues.

Upgrade github.com/go-openapi/strfmt to latest version to patch mongo-driver vulnerability alert
2 participants
@Roasbeef @guggero