-
Notifications
You must be signed in to change notification settings - Fork 302
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove third party test dependencies #297
Comments
Hi @yinzara we don't actually use gin anywhere other than in tests but I'll be sure to do this in the next release. |
And apologies for the delayed response. |
@nhooyr Any update on this? Github alerts me with GHSA-h395-qcrw-5vmq |
Soon, my plan is to just move the third party tests to a different module. See #318 (comment) |
Any updates on removing gin dependency soon ?, Blackduck scanner fail on this with high security error. |
It seems that it shouldn't be necessary. We plan to release SQL util and want to test it as many SQL drivers as possible. So I was worried about the dependencies from tests. |
For others, feel free to remove gin from your |
@prochac can you copy and paste the contents of the link? I'm not a member of the Gophers Slack. |
Tomáš Procházka Bryan C. Mills Bryan C. Mills Bryan C. Mills Tomáš Procházka Tomáš Procházka Jason Lui Bryan C. Mills Jason Lui Bryan C. Mills Jason Lui Bryan C. Mills Tomáš Procházka Bryan C. Mills Jason Lui |
Done in dev. |
The github.com/gin-gonic/gin dependency has a http response splitting vulnerability in versions less than 1.7.0:
gin-gonic/gin#2632
Upgrading the dependency to 1.7.0 or higher will fix this vulnerability (current version is 1.7.1)
The text was updated successfully, but these errors were encountered: