You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@eventmesh.apache.org by "walterlife (via GitHub)" <gi...@apache.org> on 2023/02/07 07:54:36 UTC

[GitHub] [incubator-eventmesh] walterlife commented on a diff in pull request #3045: [ISSUE #3047] upgrade dependencies to reduce the intrusion of high-risk vulnerabilities

walterlife commented on code in PR #3045:
URL: https://github.com/apache/incubator-eventmesh/pull/3045#discussion_r1098295441


##########
eventmesh-serverless-workflow/go.mod:
##########
@@ -15,36 +15,99 @@
 
 module github.com/apache/incubator-eventmesh/eventmesh-workflow-go
 
-go 1.16
+go 1.18
 
 require (
 	github.com/apache/incubator-eventmesh/eventmesh-catalog-go v0.0.0-20230110063418-8d8aa909d909
 	github.com/apache/incubator-eventmesh/eventmesh-sdk-go v0.0.0-20220923152713-86455c587c5b
 	github.com/apache/incubator-eventmesh/eventmesh-server-go v0.0.0-20220812021948-0945ab92daea
 	github.com/avast/retry-go/v4 v4.0.1
-	github.com/fsnotify/fsnotify v1.5.4 // indirect
 	github.com/gin-gonic/gin v1.8.2
-	github.com/go-openapi/jsonreference v0.20.1 // indirect
-	github.com/go-openapi/spec v0.20.7 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
-	github.com/goccy/go-json v0.10.0 // indirect
 	github.com/gogf/gf v1.16.9
 	github.com/google/uuid v1.3.0
 	github.com/itchyny/gojq v0.12.8
-	github.com/mattn/go-isatty v0.0.17 // indirect
 	github.com/prometheus/client_golang v1.12.2
 	github.com/reactivex/rxgo/v2 v2.5.0
 	github.com/serverlessworkflow/sdk-go/v2 v2.1.1
 	github.com/stretchr/testify v1.8.1
 	github.com/swaggo/files v1.0.0
 	github.com/swaggo/gin-swagger v1.5.3
-	github.com/swaggo/swag v1.8.9 // indirect
-	github.com/ugorji/go/codec v1.2.8 // indirect
-	golang.org/x/crypto v0.4.0 // indirect
-	golang.org/x/tools v0.5.0 // indirect
+	github.com/swaggo/swag v1.8.9
 	google.golang.org/grpc v1.48.0
 	google.golang.org/protobuf v1.28.1
 	gopkg.in/yaml.v3 v3.0.1
 	gorm.io/driver/mysql v1.3.5
 	gorm.io/gorm v1.23.8
 )
+
+require (
+	github.com/KyleBanks/depth v1.2.1 // indirect
+	github.com/aliyun/alibaba-cloud-sdk-go v1.61.1704 // indirect

Review Comment:
   @fengshunli hello，why add these indirect dependencies?



##########
eventmesh-catalog-go/go.mod:
##########
@@ -29,10 +29,72 @@ require (
 	gorm.io/gorm v1.23.8
 )
 
+require (
+	github.com/KyleBanks/depth v1.2.1 // indirect
+	github.com/PuerkitoBio/purell v1.1.1 // indirect

Review Comment:
   @fengshunli hello，why add these indirect dependencies?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For additional commands, e-mail: dev-help@eventmesh.apache.org