guardrails[bot]
commented
1 year ago :warning: We detected 24 security issues in this pull request:
Vulnerable Libraries (24)
Severity | Details :-: | :-- High | [pkg:golang/github.com/nats-io/nats-server/v2@v2.5.0@v2.5.0](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L282) - **no patch available** N/A | [pkg:golang/golang.org/x/net@v0.0.0-20221012135044-0b7e1fb9d458@v0.0.0-20221012135044-0b7e1fb9d458](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L1659) upgrade to: *0.1.1-0.20221104162952-702349b0e862* N/A | [pkg:golang/golang.org/x/net@v0.0.0-20220909164309-bea034e7d591@v0.0.0-20220909164309-bea034e7d591](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L1656) upgrade to: *0.1.1-0.20221104162952-702349b0e862* N/A | [pkg:golang/golang.org/x/net@v0.0.0-20220927171203-f486391704dc@v0.0.0-20220927171203-f486391704dc](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L1657) upgrade to: *1.18.9,1.19.4,0.4.0* N/A | [pkg:golang/golang.org/x/net@v0.0.0-20220725212005-46097bf591d3@v0.0.0-20220725212005-46097bf591d3](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L1655) upgrade to: *1.18.6,1.19.1,0.0.0-20220906165146-f3363e06e74c* High | [pkg:golang/github.com/hashicorp/consul/sdk@v0.13.0@v0.13.0](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L814) - **no patch available** N/A | [pkg:golang/golang.org/x/net@v0.0.0-20221004154528-8021a29435af@v0.0.0-20221004154528-8021a29435af](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L1658) upgrade to: *1.18.9,1.19.4,0.4.0* N/A | [pkg:golang/golang.org/x/net@v0.0.0-20220607020251-c690dde0001d@v0.0.0-20220607020251-c690dde0001d](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L1651) upgrade to: *0.7.0* High | [pkg:golang/golang.org/x/net@v0.5.0@v0.5.0](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L244) - **no patch available** High | [pkg:golang/github.com/hashicorp/consul/api@v1.15.3@v1.15.3](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L806) - **no patch available** High | [pkg:golang/github.com/hashicorp/consul/sdk@v0.11.0@v0.11.0](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L813) - **no patch available** Medium | [pkg:golang/golang.org/x/net@v0.4.0@v0.4.0](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L1664) - **no patch available** N/A | [pkg:golang/golang.org/x/net@v0.0.0-20221014081412-f15817d10f9b@v0.0.0-20221014081412-f15817d10f9b](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L1660) upgrade to: *0.1.1-0.20221104162952-702349b0e862* High | [pkg:golang/github.com/hashicorp/consul/api@v1.18.0@v1.18.0](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L807) - **no patch available** Medium | [pkg:golang/golang.org/x/net@v0.3.0@v0.3.0](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L1663) - **no patch available** High | [pkg:golang/golang.org/x/net@v0.2.0@v0.2.0](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L1662) - **no patch available** N/A | [pkg:golang/golang.org/x/net@v0.5.0 @v0.5.0 ](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L1665) upgrade to: *0.7.0* N/A | [pkg:golang/golang.org/x/net@v0.0.0-20220624214902-1bab6f366d9e@v0.0.0-20220624214902-1bab6f366d9e](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L1653) upgrade to: *1.19.6,1.20.1,0.7.0* N/A | [pkg:golang/golang.org/x/net@v0.0.0-20220617184016-355a448f1bc9@v0.0.0-20220617184016-355a448f1bc9](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L1652) upgrade to: *1.18.9,1.19.4,0.4.0* N/A | [pkg:golang/github.com/aws/aws-sdk-go@v1.44.177@v1.44.177](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L461) - **no patch available** High | [pkg:golang/golang.org/x/net@v0.1.0@v0.1.0](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L1661) - **no patch available** High | [pkg:golang/github.com/hashicorp/consul/api@v1.3.0@v1.3.0](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L46) - **no patch available** N/A | [pkg:golang/github.com/hashicorp/consul/api@v1.4.0@v1.4.0](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L47) - **no patch available** N/A | [pkg:golang/github.com/aws/aws-sdk-go@v1.44.176@v1.44.176](https://github.com/xmidt-org/codex-db/blob/48bdb56b93cfbac9f434c5eb694beeeb50fc3a6b/go.sum#L460) - **no patch available** More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr).
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
dependabot[bot]
Bumps github.com/xmidt-org/webpa-common/v2 from 2.0.7 to 2.1.0.
Release notes
Sourced from github.com/xmidt-org/webpa-common/v2's releases.
Changelog
Sourced from github.com/xmidt-org/webpa-common/v2's changelog.
Commits
8336f9bMerge pull request #720 from xmidt-org/denopink/release/v2.1.0a47446fMerge branch 'main' into denopink/release/v2.1.0395febeBump go.uber.org/fx from 1.19.0 to 1.19.1 (#766)28e6b33Merge branch 'main' into denopink/release/v2.1.034fef03Merge pull request #708 from xmidt-org/denopink/refactoring/archive-webpa-com...5b1562ffix logging bugeeb8937reverting service/servicecfg packages back to use gokit log because of gokitz...576cf50reverting service/consul packages back to use gokit log because of gokitzk.Ne...1aceb5cfix unit tests837c1e0Merge branch 'main' into denopink/refactoring/archive-webpa-common/loggingDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)