search

hashicorp / go-plugin

Golang plugin system over RPC.
Mozilla Public License 2.0
5.25k stars 450 forks source link

update deps #242

Closed drakkan closed 12 months ago

drakkan commented 1 year ago

fixes x/net and x/text security issues

drakkan commented 1 year ago

I also updated the version to Go 1.18 to avoid to apply this

github.com/hashicorp/go-plugin tested by
    github.com/hashicorp/go-plugin.test imports
    github.com/jhump/protoreflect/grpcreflect imports
    github.com/jhump/protoreflect/desc tested by
    github.com/jhump/protoreflect/desc.test imports
    github.com/jhump/protoreflect/desc/protoparse imports
    github.com/bufbuild/protocompile imports
    golang.org/x/sync/semaphore loaded from golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c,
    but go 1.16 would select v0.1.0

To upgrade to the versions selected by go 1.16:
    go mod tidy -go=1.16 && go mod tidy -go=1.17
If reproducibility with go 1.16 is not needed:
    go mod tidy -compat=1.17
For other options, see:
    https://golang.org/doc/modules/pruning
tomhjp commented 12 months ago

Sorry this went unanswered for so long, but I merged #285 with more recent deps a couple of weeks ago, so I think that covers this PR for now. It hasn't been released in a tag yet, but I'll be cutting one in the next few weeks or so, and you can force the version used in consuming applications before then via Go's MVS.