aws / aws-xray-sdk-go

AWS X-Ray SDK for the Go programming language.
Apache License 2.0

[Vulnerability fix] update google.golang.org/grpc to v1.59.0 #428

Closed filikos closed 8 months ago

filikos commented 8 months ago

Small update for the Go gRPC library.

Why? https://github.com/advisories/GHSA-m425-mq94-257g

Description of changes: update google.golang.org/grpc to v1.59.0

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

filikos commented 8 months ago

@wangzlei Thank you for the quick reaction on this PR. Not sure about the release cycle of this repository, but would you mind creating a minor release for this fix? Currently users of this module can only update the indirect dependency in go.mod to grpc in order to get rid of that vulnerability.

wangzlei commented 8 months ago

We will release 1.8.3 with the HTTP/2 rapid reset fix soon: https://github.com/aws/aws-xray-sdk-go/pull/431
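The workaround filikos describes above, raising the indirect grpc requirement in a consumer's go.mod, can be checked mechanically, for example in CI. This is an added example, not code from this PR or from the aws-xray-sdk-go project: the names `grpcAtLeast`, `parseVersion` and `sampleGoMod` are hypothetical, the go.mod content is constructed, and it assumes there are no replace or exclude directives for grpc. The floor v1.59.0 is the version this PR updates to.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample go.mod of a module that pulls in grpc indirectly.
const sampleGoMod = `module example.com/consumer
require (
	google.golang.org/grpc v1.58.0 // indirect
)`

// parseVersion turns "v1.59.0" into [1 59 0]. Pre-release and build
// suffixes are rejected so they are never treated as meeting the floor.
func parseVersion(v string) (out [3]int, err error) {
	if strings.ContainsAny(v, "-+") {
		return out, fmt.Errorf("unsupported version %q", v)
	}
	_, err = fmt.Sscanf(v, "v%d.%d.%d", &out[0], &out[1], &out[2])
	return out, err
}

// grpcAtLeast returns the grpc version required in goMod and whether it is
// >= floor. Assumption: no replace or exclude directives for grpc.
func grpcAtLeast(goMod, floor string) (string, bool, error) {
	found := ""
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" comments
		f := strings.Fields(strings.TrimPrefix(line, "require "))
		if len(f) == 2 && f[0] == "google.golang.org/grpc" {
			found = f[1]
		}
	}
	have, errHave := parseVersion(found)
	want, errWant := parseVersion(floor)
	if errHave != nil || errWant != nil {
		return found, false, fmt.Errorf("cannot compare %q with %q", found, floor)
	}
	for i := range have { // numeric compare: major, then minor, then patch
		if have[i] != want[i] {
			return found, have[i] > want[i], nil
		}
	}
	return found, true, nil
}

func main() {
	fmt.Println(grpcAtLeast(sampleGoMod, "v1.59.0")) // v1.58.0 false <nil>
}
```

A consumer that fails this check can raise the requirement with `go get google.golang.org/grpc@v1.59.0`, which updates the indirect entry in go.mod.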