Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: bump go-retryablehttp to v0.7.7 #499

Merged
merged 2 commits into from
Aug 8, 2024
Merged

deps: bump go-retryablehttp to v0.7.7 #499

merged 2 commits into from
Aug 8, 2024

Conversation

dduzgun-security
Copy link
Contributor

@dduzgun-security dduzgun-security commented Aug 8, 2024
edited
Loading

@dduzgun-security dduzgun-security marked this pull request as ready for review August 8, 2024 20:25
@dduzgun-security dduzgun-security requested a review from a team as a code owner August 8, 2024 20:25
lbajolet-hashicorp
lbajolet-hashicorp reviewed Aug 8, 2024
View reviewed changes
Copy link
Contributor

@lbajolet-hashicorp lbajolet-hashicorp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @dduzgun-security,

Thanks for the PR! I left a comment on bumping the minimum go version, I would suggest we don't to avoid anyone developing the plugin having to install a more recent version of the go toolchain for local development.

On another note, for curiosity purposes, why are we bumping the go-version here? I understand that retryablehttp gets bumped to address the linked CVE, but it seems that they are still requiring go 1.19 in their modfile, so this looks unrelated; not against the idea of building the plugin with a newer version to be clear, just want to understand the rationale here.

Other than that, LGTM!

go.mod Outdated Show resolved Hide resolved
@dduzgun-security dduzgun-security changed the title deps: bump Go to 1.21.13 and go-retryablehttp to v0.7.7 deps: bump go-retryablehttp to v0.7.7 Aug 8, 2024
lbajolet-hashicorp
lbajolet-hashicorp approved these changes Aug 8, 2024
View reviewed changes
Copy link
Contributor

@lbajolet-hashicorp lbajolet-hashicorp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@dduzgun-security
Copy link
Contributor Author

@lbajolet-hashicorp it seems like I don't have the GitHub permissions to merge. 😄
Would you be able to click on Squash and merge for me please?

@lbajolet-hashicorp
Copy link
Contributor

Yessir, I was waiting for the tests to go green, doing this now :)

@lbajolet-hashicorp lbajolet-hashicorp merged commit ec16b84 into main Aug 8, 2024
12 checks passed
@lbajolet-hashicorp lbajolet-hashicorp deleted the bump/deps-and-go branch August 8, 2024 21:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lbajolet-hashicorp lbajolet-hashicorp lbajolet-hashicorp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dduzgun-security @lbajolet-hashicorp