Closed Jacalz closed 4 years ago
Thanks for opening this. The gorilla/websocket issue doesn't look too serious since we're a websocket client not a server, but we should still upgrade.
As for the other dependencies, are there specific changes relevant to us?
Well, yes. The other dependencies consist of a bunch of cleanups, fixes and general improvements that of course are made to make the packages function better in one way or another. There is no point in not updating them.
I'm not comfortable blindly upgrading packages without understanding the changes and how they will affect us. There's risk that new features will introduce new bugs or subtly different behavior.
Let's split this PR into 1 PR per dependency. Then we can more easily audit the actual changes we are pulling in.
All the updated packages contain bug fixes and improvements, but websocket also contains an important security fix.