Closed filikos closed 8 months ago
@wangzlei Thank you the quick reaction on this PR, not sure about the release cycle of this repository but would you mind creating a minor release for this fix? Currently users of this module can only update the indirect dependency in go.mod
to grpc in order to get rid of that vulnerability.
We will release 1.8.3 with http2 rapid reset fix soon https://github.com/aws/aws-xray-sdk-go/pull/431
Small update for the go grpc library.
Why? https://github.com/advisories/GHSA-m425-mq94-257g
Description of changes: update google.golang.org/grpc to v1.59.0
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.