Update Go dependancies for fix a CVE #204
Comments
|
fastest option would be you make your own build with updated dependencies but if it's a security vulnerability affecting current releases then a PR would be most welcome :) |
|
ok no problem, After a test to build your tool, I have 2 problems : These problems there are not important but you can update the doc in readme
My solution for build in local repo is : # for get and update go dependancies
docker run --rm -v .:/usr/local/go/src/github.com/Lusitaniae/apache_exporter -w /usr/local/go/src/github.com/Lusitaniae/apache_exporter golang:latest go get
# for build apache_exporter
docker run --rm -v .:/usr/local/go/src/github.com/Lusitaniae/apache_exporter -w /usr/local/go/src/github.com/Lusitaniae/apache_exporter golang:latest go build -buildvcs=falseand for update version of dependency with CVE : docker run --rm -v .:/usr/local/go/src/github.com/Lusitaniae/apache_exporter -w /usr/local/go/src/github.com/Lusitaniae/apache_exporter golang:latest go get -u golang.org/x/netthis command change the |
|
tell me if you want a PR for the version and the doc ;) |
|
Looks like the dependabot pr is closed so I'm closing this out. Thanks! |
Hello I use your exporter in a docker image of one of my projects but do you have a solution for me to update the Go dependencies of your project because Trivy a tool which analyzes security vulnerabilities in docker containers finds a CVE on a version of the Go dependency that you are using (do you have a way that I can update or rebuild your tool by updating the Go libraries without you having to do a release)
The Trivy result :
My dockerfile implementation of your tool :
The text was updated successfully, but these errors were encountered: