TykTechnologies / tyk

Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols
Other
9.58k stars 1.08k forks

Dependency check #5842

Closed titpetric closed 9 months ago

titpetric commented 9 months ago

| IMPORT | VERSION | LATEST | WARNINGS |
| --- | --- | --- | --- |
| Jeffail/gabs | v1.4.0 | ✖ No info | Bad request, possibly renamed |
| Jeffail/tunny | v0.1.4 | ✖ No info | Bad request, possibly renamed |
| Masterminds/sprig/v3 | v3.2.2 | ✖ No info | Bad request, possibly renamed |
| TykTechnologies/again | v0.0.0-20190805133618-6ad301e7eaed | Skipped | Dependency without go.mod |
| TykTechnologies/circuitbreaker | v2.2.2+incompatible | Skipped | |
| TykTechnologies/drl | v0.0.0-20221208085827-9bc9b4338f26 | Skipped | Dependency without go.mod |
| TykTechnologies/goautosocket | v0.0.0-20190430121222-97bfa5e7e481 | Skipped | Dependency without go.mod |
| TykTechnologies/gojsonschema | v0.0.0-20170222154038-dcb3e4bb7990 | Skipped | Dependency without go.mod |
| TykTechnologies/gorpc | v0.0.0-20210624160652-fe65bda0ccb9 | Skipped | Dependency without go.mod |
| TykTechnologies/goverify | v0.0.0-20220808203004-1486f89e7708 | Skipped | Dependency without go.mod |
| TykTechnologies/graphql-go-tools | v1.6.2-0.20231121123800-70500778ba66 | Skipped | |
| TykTechnologies/leakybucket | v0.0.0-20170301023702-71692c943e3c | Skipped | Dependency without go.mod |
| TykTechnologies/murmur3 | v0.0.0-20230310161213-aad17efd5632 | Skipped | Dependency without go.mod |
| TykTechnologies/openid2go | v0.1.2 | Skipped | |
| TykTechnologies/storage | v1.0.8 | Skipped | |
| TykTechnologies/tyk-pump | v1.8.1-rc1.0.20231030094653-9984a1ee29ee | Skipped | |
| akutz/memconn | v0.1.0 | ✓ Up to date | |
| bshuster-repo/logrus-logstash-hook | v1.1.0 | ✓ Up to date | |
| buger/jsonparser | v1.1.1 | ✓ Up to date | |
| cenk/backoff | v2.2.1+incompatible | ✓ Up to date | |
| cenkalti/backoff/v4 | v4.2.1 | ✓ Up to date | |
| clbanning/mxj | v1.8.4 | ✓ Up to date | |
| evalphobia/logrus_sentry | v0.8.2 | ✓ Up to date | |
| gemnasium/logrus-graylog-hook | v2.0.7+incompatible | ✓ Up to date | |
| getkin/kin-openapi | v0.115.0 | v0.122.0 | |
| go-redis/redis/v8 | v8.11.5 | ✓ Up to date | |
| gocraft/health | v0.0.0-20170925182251-8675af27fef0 | No versions available | Dependency without go.mod |
| gofrs/uuid | v4.0.0+incompatible | v4.4.0+incompatible | |
| golang-jwt/jwt/v4 | v4.4.2 | v4.5.0 | |
| golang/protobuf | v1.5.3 | ✓ Up to date | |
| gorilla/mux | v1.8.0 | v1.8.1 | |
| gorilla/websocket | v1.5.0 | v1.5.1 | |
| hashicorp/consul/api | v1.3.0 | v1.26.1 | |
| hashicorp/go-multierror | v1.1.1 | ✓ Up to date | |
| hashicorp/go-version | v1.4.0 | v1.6.0 | |
| hashicorp/vault/api | v1.0.4 | v1.10.0 | |
| jensneuse/abstractlogger | v0.0.4 | ✓ Up to date | |
| justinas/alice | v1.2.0 | ✓ Up to date | |
| kelseyhightower/envconfig | v1.4.0 | ✓ Up to date | |
| lonelycode/osin | v0.0.0-20160423095202-da239c9dacb6 | No versions available | Dependency without go.mod |
| mavricknz/ldap | v0.0.0-20160227184754-f5a958005e43 | No versions available | Dependency without go.mod |
| miekg/dns | v1.1.56 | v1.1.57 | |
| mitchellh/mapstructure | v1.5.0 | ✓ Up to date | |
| newrelic/go-agent | v2.13.0+incompatible | v3.28.1+incompatible | |
| nsf/jsondiff | v0.0.0-20210303162244-6ea32392771e | No versions available | Dependency without go.mod |
| opentracing/opentracing-go | v1.2.0 | ✓ Up to date | |
| openzipkin/zipkin-go | v0.2.2 | v0.4.2 | |
| oschwald/maxminddb-golang | v1.11.0 | v1.12.0 | |
| paulbellamy/ratecounter | v0.2.0 | ✓ Up to date | |
| pires/go-proxyproto | v0.7.0 | ✓ Up to date | |
| pmylund/go-cache | v2.1.0+incompatible | ✓ Up to date | |
| robertkrimen/otto | v0.0.0-20180617131154-15f95af6e78d | v0.2.1 | Dependency without go.mod |
| rs/cors | v1.7.0 | v1.10.1 | |
| sirupsen/logrus | v1.9.3 | ✓ Up to date | |
| spf13/afero | v1.6.0 | v1.11.0 | |
| square/go-jose | v2.4.1+incompatible | v2.6.0+incompatible | |
| stretchr/testify | v1.8.4 | ✓ Up to date | |
| uber/jaeger-client-go | v2.30.1-0.20220110192849-8d8e8fcfd04d+incompatible | v2.30.0+incompatible | Version ahead of latest release |
| valyala/fasthttp | v1.43.0 | v1.51.0 | |
| vmihailenco/msgpack | v4.0.4+incompatible | ✓ Up to date | |
| xeipuuv/gojsonschema | v1.2.0 | ✓ Up to date | |
| golang.org/x/crypto | v0.14.0 | v0.16.0 | |
| golang.org/x/net | v0.17.0 | v0.19.0 | |
| golang.org/x/sync | v0.4.0 | v0.5.0 | |
| google.golang.org/grpc | v1.59.0 | v1.61.0-dev | |
| google.golang.org/grpc/examples | v0.0.0-20220317213542-f95b001a48df | No versions available | Dependency without go.mod |
| google.golang.org/protobuf | v1.31.0 | ✓ Up to date | |
| gopkg.in/alecthomas/kingpin.v2 | v2.2.6 | v2.4.0 | Deprecated import (gopkg.in) |
| gopkg.in/vmihailenco/msgpack.v2 | v2.9.1 | v2.9.2 | Deprecated import (gopkg.in) |
| gopkg.in/xmlpath.v2 | v2.0.0-20150820204837-860cbeca3ebc | No versions available | Deprecated import (gopkg.in) |
| gopkg.in/yaml.v3 | v3.0.1 | ✓ Up to date | Deprecated import (gopkg.in) |
| TykTechnologies/kin-openapi | v0.90.0 | Skipped | |
| TykTechnologies/opentelemetry | v0.0.20 | Skipped | |
| google/go-cmp | v0.5.9 | v0.6.0 | |
| go.opentelemetry.io/otel | v1.19.0 | v1.21.0 | |
| go.opentelemetry.io/otel/trace | v1.19.0 | v1.21.0 | |
| go.uber.org/mock | v0.3.0 | ✓ Up to date | |

smarusa commented 9 months ago

Is the newrelic/go-agent dependency expected to be addressed eventually?

andyo-tyk commented 9 months ago

Hi @smarusa,

We don't have a plan to update the newrelic dependency as it is not bringing any high impact CVEs to the product.

We are deprecating Open Tracing support in favour of Open Telemetry, so do not plan further development of our legacy Open Tracing/New Relic specific support.

I'm closing this issue as it was opened in error - we perform regular dependency checks and focus attention on those libraries that require updates for security or functionality reasons.

Thanks for your support.