Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merging to release-5.3.9: [TT-13741] [release-5.3] exp/modcheck: Upda…
…te go.mod dependencies (#6795) [TT-13741] [release-5.3] exp/modcheck: Update go.mod dependencies (#6795) ### **User description** Triggered by: titpetric JIRA: https://tyktech.atlassian.net/browse/TT-13741 | IMPORT | VERSION | LATEST | WARNINGS | CVES | |:---|:---|:---|:---|:---| | getkin/kin-openapi | v0.115.0 | v0.128.0 | Held back from upgrade | | | golang-jwt/jwt/v4 | v4.5.0 | v4.5.1 | | 0 of 1 | | hashicorp/consul/api | v1.29.4 | v1.30.0 | | | | pires/go-proxyproto | v0.7.0 | v0.8.0 | | 0 of 1 | | robertkrimen/otto | v0.4.0 | v0.5.1 | | | | stretchr/testify | v1.9.0 | v1.10.0 | | | | valyala/fasthttp | v1.55.0 | v1.58.0 | | 0 of 1 | | golang.org/x/crypto | v0.27.0 | v0.31.0 | | 0 of 11 | | golang.org/x/net | v0.29.0 | v0.33.0 | | 0 of 17 | | golang.org/x/sync | v0.8.0 | v0.10.0 | | | | google.golang.org/grpc | v1.66.2 | v1.69.2 | | 0 of 2 | | google.golang.org/protobuf | v1.34.2 | v1.36.0 | | 0 of 2 | | redis/go-redis/v9 | v9.6.1 | v9.7.0 | | | | newrelic/go-agent | v2.13.0 +incompatible | v3.35.1+incompatible | Held back from upgrade | | | go.opentelemetry.io/otel | v1.32.0 | v1.33.0 | Held back from upgrade | | | go.opentelemetry.io/otel/trace | v1.32.0 | v1.33.0 | Held back from upgrade | | | go.uber.org/mock | v0.4.0 | v0.5.0 | | | <details> <summary>Steps performed</summary> ~~~ + go get github.com/golang-jwt/jwt/[email protected] go: upgraded github.com/golang-jwt/jwt/v4 v4.5.0 => v4.5.1 + go get github.com/hashicorp/consul/[email protected] go: upgraded github.com/hashicorp/consul/api v1.29.4 => v1.30.0 + go get github.com/pires/[email protected] go: upgraded github.com/pires/go-proxyproto v0.7.0 => v0.8.0 + go get github.com/robertkrimen/[email protected] go: upgraded github.com/robertkrimen/otto v0.4.0 => v0.5.1 + go get github.com/stretchr/[email protected] go: upgraded github.com/stretchr/testify v1.9.0 => v1.10.0 + go get github.com/valyala/[email protected] go: upgraded github.com/andybalholm/brotli v1.1.0 => v1.1.1 go: upgraded github.com/klauspost/compress v1.17.9 => v1.17.11 go: upgraded github.com/valyala/fasthttp v1.55.0 => v1.58.0 go: upgraded golang.org/x/crypto v0.27.0 => v0.29.0 go: upgraded golang.org/x/net v0.29.0 => v0.31.0 go: upgraded golang.org/x/sync v0.8.0 => v0.9.0 go: upgraded golang.org/x/text v0.18.0 => v0.20.0 + go get golang.org/x/[email protected] go: upgraded golang.org/x/crypto v0.29.0 => v0.31.0 go: upgraded golang.org/x/sync v0.9.0 => v0.10.0 go: upgraded golang.org/x/sys v0.27.0 => v0.28.0 go: upgraded golang.org/x/text v0.20.0 => v0.21.0 + go get golang.org/x/[email protected] go: upgraded golang.org/x/net v0.31.0 => v0.33.0 + go get golang.org/x/[email protected] + go get google.golang.org/[email protected] go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 go: upgraded google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 => v0.0.0-20241015192408-796eee8c2d53 go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 => v0.0.0-20241015192408-796eee8c2d53 go: upgraded google.golang.org/grpc v1.66.2 => v1.69.2 go: upgraded google.golang.org/protobuf v1.34.2 => v1.35.1 + go get google.golang.org/[email protected] go: upgraded google.golang.org/protobuf v1.35.1 => v1.36.0 + go get github.com/redis/go-redis/[email protected] go: upgraded github.com/redis/go-redis/v9 v9.6.1 => v9.7.0 + go get go.uber.org/[email protected] go: upgraded go.uber.org/mock v0.4.0 => v0.5.0 ~~~ </details> <details> <summary>go mod tidy output</summary> ``` ``` </details> ___ ### **PR Type** dependencies ___ ### **Description** - Updated several dependencies in `go.mod` to their latest versions, including `github.com/golang-jwt/jwt/v4`, `github.com/hashicorp/consul/api`, `github.com/pires/go-proxyproto`, `github.com/robertkrimen/otto`, `github.com/stretchr/testify`, `github.com/valyala/fasthttp`, `golang.org/x/crypto`, `golang.org/x/net`, `golang.org/x/sync`, `google.golang.org/grpc`, and `google.golang.org/protobuf`. - Addressed potential CVEs and improved security by upgrading vulnerable dependencies. - Updated `go.sum` to reflect the changes in `go.mod`, ensuring integrity and consistency of the dependency graph. - Enhanced compatibility and performance by using the latest versions of libraries. ___ ### **Changes walkthrough** 📝 <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Dependencies</strong></td><td><table> <tr> <td> <details> <summary><strong>go.mod</strong><dd><code>Update Go module dependencies to latest versions</code> </dd></summary> <hr> go.mod <li>Updated multiple dependencies to their latest versions.<br> <li> Improved security by addressing potential CVEs in dependencies.<br> <li> Enhanced compatibility and performance with updated libraries.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6795/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6">+19/-19</a> </td> </tr> <tr> <td> <details> <summary><strong>go.sum</strong><dd><code>Update dependency checksums in go.sum</code> </dd></summary> <hr> go.sum <li>Updated checksums for the newly updated dependencies.<br> <li> Ensured consistency and integrity of dependency versions.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6795/files#diff-3295df7234525439d778f1b282d146a4f1ff6b415248aaac074e8042d9f42d63">+42/-40</a> </td> </tr> </table></td></tr></tr></tbody></table> ___ > 💡 **PR-Agent usage**: Comment `/help "your question"` on any pull request to receive relevant information Co-authored-by: titpetric <[email protected]>
- Loading branch information
