jmoiron / sqlx

general purpose extensions to golang's database/sql
http://jmoiron.github.io/sqlx/
MIT License

Tag new version for dependency security updates #923

Closed seanhagen closed 7 months ago

seanhagen commented 7 months ago

The last version (v1.3.5) was tagged in 2022. A new version needs to be tagged so that folks (such as myself) can update our go.mod files to stop getting warnings about security vulnerabilities in package versions no longer referenced in this package's go.mod file.

For example: in the latest tag v1.3.5, the version of go-sqlite3 being used is v1.14.6. In the go.mod file on the master branch the version is v1.14.22 (enough to get security scanners like Snyk to stop complaining).

Can we get a v1.3.6 tagged to master?

dlsniper commented 7 months ago

Hi @seanhagen. Thanks for the issue. Sorry, it took a little longer to get this done. We'll keep the dependencies updated more frequently in the future.