openzipkin / zipkin-go

Zipkin distributed tracing library for go.
Apache License 2.0

Gomega 1.4.3 ddos vulnerability #207

Status: Closed (atlas-mpj closed 3 years ago)

atlas-mpj commented 3 years ago

Gomega 1.4.3 is flagged as being vulnerable to ddos and needs to be upgraded

https://sca.analysiscenter.veracode.com/vulnerability-database/security/denial-of-service-dos-/go/sid-25852

jcchavezs commented 3 years ago

I wish we could get rid of gomega. I tried it literally four times with no final outcome. I think I will try it iteratively soon.

José Carlos Chávez

On Tue, 26 Oct 2021 at 18:28, atlas-mpj @.***> wrote:

> Gomega 1.4.3 is flagged as being vulnerable to ddos and needs to be upgraded
>
> https://sca.analysiscenter.veracode.com/vulnerability-database/security/denial-of-service-dos-/go/sid-25852


basvanbeek commented 3 years ago

@atlas-mpj I have bumped gomega to v1.16.0 and all other dependencies to their latest... can you check if we're good with the latest of zipkin-go in master? If so I'll cut a patch release.

atlas-mpj commented 3 years ago

Hi @basvanbeek, looks good on my end. Appreciate the fast response, Cheers!

basvanbeek commented 3 years ago

Released 0.3.0 including the dependency bumps... we should be good now...