deps: upgraded dependency #89
Conversation
|
have you run the tests? https://github.com/ua-parser/uap-go?tab=readme-ov-file#testing unfortunately these aren't automated yet. Also should mention, I took a look at the mentioned vulnerabilities. Practically they aren't interesting for this package - they are all about DOS against the yaml parser, but we don't parse user-supplied yaml. I think we actually just parse the uap-core yaml at build time. That said upgrading is probably a good idea so happy to accept the upgrades, provided the tests pass. |
go.mod
Outdated
| @@ -1,6 +1,8 @@ | |||
| module github.com/ua-parser/uap-go | |||
|
|
|||
| go 1.23.1 | |||
There was a problem hiding this comment.
What's the policy regarding Go version support?
I guess we don't want to force everyone to use the latest Go version?
There was a problem hiding this comment.
I've updated the go directive in go.mod to specify a lower, stable Go version. This change is backward-compatible, as go.mod ensures dependencies are tied to specific commits. However, to enhance backward compatibility and provide a clearer upgrade path, we should consider implementing semantic versioning for the library
Would you accept a PR to setup test in CI using Github Actions? |
sure, please send one! |
Yes, all tests are passing, I have also replaced deprecated ioutil with os package |
There were vulernabilities in older dependencies so I have upgraded it
(GO-2020-0036)
(GO-2021-0061)
(GO-2022-0956)