search

go-openapi / strfmt

openapi toolkit common string formats
Apache License 2.0
102 stars 62 forks source link

Bump mongo-driver to v1.7.5 to avoid vulnerability alert #93

Closed padamstx closed 3 years ago

padamstx commented 3 years ago

Fixes: https://github.com/go-openapi/strfmt/issues/90

This PR bumps the mongo-driver dependency to version 1.7.5 in order to avoid a snyk vulnerability related to the packr/v2 module that was used by previous versions of mongo-driver. This new version 1.7.5 removes the packr/v2 dependency entirely.

codecov[bot] commented 3 years ago

Codecov Report

Merging #93 (0ccbdee) into master (6d7da0f) will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master      #93   +/-   ##
=======================================
  Coverage   81.80%   81.80%           
=======================================
  Files          12       12           
  Lines        2011     2011           
=======================================
  Hits         1645     1645           
  Misses        290      290           
  Partials       76       76

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 6d7da0f...0ccbdee. Read the comment docs.

padamstx commented 3 years ago

@casualjim Hi, could you please review and merge in if this change is acceptable? If yes, could we get a new patch release with these reduced dependencies? Thanks!

casualjim commented 3 years ago

Done, and published v0.21.1