fix(dependabot_alerts): Updated dependencies to fix dependabot alerts #1265

Merged
merged 1 commit into from
Jan 27, 2025

rpaliwal1997 (Contributor) commented Jan 27, 2025

Jira

Dependabot Alerts issues:

Issue 1 (changes discarded)
Issue 2
Issue 3
Issue 4
Issue 5
Issue 6

I updated the dependencies for the above issues to avoid vulnerabilities.

pranav-new-relic (Member) commented Jan 27, 2025

https://github.com/newrelic/newrelic-client-go/security/dependabot/42 is unfixable at the moment because of TestAccountIDHeaderWithPersonalAPIKeyCapableV2Authorizer (a failing unit test). Let's merge this PR without a fix to this alert, and then think of what we can do about this specific alert.

You will notice that when this module is upgraded to 0.7.7, the unit test fails; and this is not intermittent behaviour, it keeps failing all the time. Immediately after reverting it back to 0.7.0, the failure disappears.

chore: revert go-retryablehttp update from 0.7.7 to 0.7.0
pranav-new-relic force-pushed the NR-360591_dependabot_alerts branch from c20f5fe to 3e3618c on January 27, 2025 18:18

pranav-new-relic (Member)

Screen.Recording.2025-01-27.at.11.54.30.PM.mov

pranav-new-relic merged commit 6336f71 into main Jan 27, 2025
11 of 12 checks passed
pranav-new-relic (Member)

Merging the PR for now

pranav-new-relic deleted the NR-360591_dependabot_alerts branch January 27, 2025 18:33