Skip to content

Update Dependencies & Go version #1371

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
EyalDelarea merged 4 commits into from
Apr 3, 2025
Merged

Update Dependencies & Go version #1371

EyalDelarea merged 4 commits into from
Apr 3, 2025

Conversation

@EyalDelarea
Copy link
Contributor

@EyalDelarea EyalDelarea commented Mar 31, 2025
edited
Loading

  • All tests passed. If this feature is not already covered by the tests, I added new tests.
  • All static analysis checks passed.
  • This pull request is on the dev branch.
  • I used gofmt for formatting the code before submitting the pull request.

This PR focuses on improving the security and stability of the project by:

✅ Go Version Upgrade

  • Upgraded the Go version from 1.23.4 to 1.23.7 in go.mod to leverage the latest performance enhancements and security patches.

🛡️ Security Audit Fixes (jf audit)

  • Addressed all reported issues from the jf audit command:
    • Updated all #nosec G101 comments with #nosec G101 jfrog-ignore to provide inline context and suppress false positives.

🔄 Dependency Updates (Security + Compatibility)

  • Bumped several indirect dependencies to resolve transitive vulnerabilities and ensure compatibility with Go 1.23.7:
    • golang.org/x/*, github.com/golang-jwt/jwt, github.com/forPelevin/gomoji, go-git, etc.

This update ensures the project is aligned with current Go standards and passes JFrog’s internal security audits.

depends on:
jfrog/jfrog-client-go#1104

will resolve:
#1368
#1361
#1358

@EyalDelarea EyalDelarea added the ignore for release Automatically generated release notes label Mar 31, 2025
@EyalDelarea EyalDelarea mentioned this pull request Mar 31, 2025
Merged
4 tasks
@EyalDelarea EyalDelarea marked this pull request as ready for review March 31, 2025 08:47
@EyalDelarea EyalDelarea requested a review from asafgabai March 31, 2025 14:46
@github-actions
Copy link
Contributor

github-actions bot commented Apr 3, 2025

👍 Frogbot scanned this pull request and did not find any new security issues.

@EyalDelarea EyalDelarea merged commit a562cbe into jfrog:dev Apr 3, 2025
5 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@asafgabai asafgabai asafgabai approved these changes

Assignees

No one assigned

Labels

ignore for release Automatically generated release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@EyalDelarea @asafgabai