Comments (3)
From what I can tell (go mod graph
), all 5 vulnerabilities come from gopkg.in/DataDog/dd-trace-go
. The latest version (v1.39.0 still depends on the same packages). I will reach out to the team that manages that repo and will bump the version once they update.
from datadog-lambda-go.
dd-trace-go
depends on github.com/hashicorp/vault/api v1.1.0
which depends on all these reported vulnerabilities.
https://github.com/DataDog/dd-trace-go/blob/e5fb07470a220a3a31759a986561afb0440a18da/go.mod#L55
from datadog-lambda-go.
Hi @MRabenda, I have bumped the dependency of dd-trace-go
to the latest version, which addresses the concerns, and have released v1.6.0. Thanks for letting us know!
from datadog-lambda-go.
Related Issues (20)
- Support for SetUser
- release with fasthttp lib 1.35 HOT 2
- Build time increased 8x from including package HOT 2
- Upgrade to github.com/aws/aws-sdk-go-v2 HOT 1
- upgrade dd-trace-go to v1.41.0 or newer HOT 2
- Update github.com/aws/aws-xray-sdk-go to latest version HOT 1
- Allow to set variables via datadog.yaml HOT 2
- Unable to add tags to Span created by Lambda Wrapper HOT 5
- Include the layer arn's on the releases like all the other DataDog lambda layer repos HOT 2
- Custom metrics with percentile calculations HOT 1
- Not running handler HOT 2
- Flush Metrics HOT 7
- upgrade dd-trace-go to v1.60.2 or newer HOT 1
- Handle panic in handle code?
- Error values are logged as INFO level logs instead of ERRORs in datadog HOT 3
- Enhanced metrics always flushed to logs HOT 1
- Support for monitoring invocation payloads HOT 2
- Support for DD_API_KEY_SECRET_ARN environment variable HOT 1
- Add support for tracer Env and Version tags HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from datadog-lambda-go.