outdated replace directive in go.mod #417

Morty-luo · 2023-02-08T09:02:26Z

It seems that nginxinc/nginx-kubernetes-gateway at now indirectly depends on newer version of golang.org/x/text and golang.org/x/net which has fixed related vulnerability.
So, it makes no sense to keep according replace directive in go.mod. Should them be dropped?

golang.org/x/net v0.5.0 // indirect
golang.org/x/text v0.6.0 // indirect

replace (
	// temporary fix for CVE-2022-27664
	golang.org/x/net v0.0.0-20220722155237-a158d28d115b => golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
	//temporary fix for CVE-2022-27664
	golang.org/x/text v0.3.7 => golang.org/x/text v0.3.8
)

Aha! Link: https://nginx.aha.io/features/NKG-48

The text was updated successfully, but these errors were encountered:

lucacome · 2023-02-08T16:44:28Z

Hi @Morty-luo thanks for catching this! We should indeed remove the replace 👍

Morty-luo added the proposal label Feb 8, 2023

github-project-automation bot added this to NGINX Gateway Fabric Feb 8, 2023

github-project-automation bot moved this to 🆕 New in NGINX Gateway Fabric Feb 8, 2023

lucacome mentioned this issue Feb 8, 2023

Remove pinned dependencies #419

Merged

lucacome closed this as completed in #419 Feb 10, 2023

github-project-automation bot moved this from 🆕 New to ✅ Done in NGINX Gateway Fabric Feb 10, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

outdated replace directive in go.mod #417

outdated replace directive in go.mod #417

Morty-luo commented Feb 8, 2023 •

edited by brianehlert

Loading

lucacome commented Feb 8, 2023

outdated replace directive in go.mod #417

outdated replace directive in go.mod #417

Comments

Morty-luo commented Feb 8, 2023 • edited by brianehlert Loading

lucacome commented Feb 8, 2023

Morty-luo commented Feb 8, 2023 •

edited by brianehlert

Loading