feat: make other dependencies into submodules (#156) #414

Closed

hidu commented Feb 19, 2022

go1.17- also works
keep the original dependency version

@kamilogorek
Contributor

kamilogorek commented Feb 28, 2022

Thanks for the contribution. There is still no clear answer whether we want to go this route or not, as we'd have to update our release process for this SDK. It may take some time until we make a decision, so please be patient, thanks.

Original ref: #156

(There is apparently one redundant line in go.mod here: https://github.com/getsentry/sentry-go/pull/414/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R13 )

@hidu
Author

hidu commented Feb 28, 2022

There is apparently one redundant line in go.mod

deleted

@marco-bianchi-bee

Hello @kamilogorek, do you have any updates about this? I got several CVE notifications just because this SDK has kataras/iris as a direct dependency; a submodule structure would be so much cleaner.

@kamilogorek
Contributor

kamilogorek commented Jun 27, 2022

@marco-bianchi-bee what version of Go are you using? Since 1.17, you should be able to use https://go.dev/ref/mod#graph-pruning

Once 1.19 releases (should be early August), I'll try to spend some time on this repo and refresh it a bit, as I'm not owning it anymore at the current time.


Reference for self:

@marco-bianchi-bee

@kamilogorek thank you for your answer. I am using 1.18, so my go.mod and my go.sum look good, but the tool we use (snyk) probably uses go list -m all, and so it also catches the dependencies of the dependencies. I am looking forward to the next release :)

@kamilogorek
Contributor

@marco-bianchi-bee snyk is using go list -json -deps (https://docs.snyk.io/products/snyk-open-source/language-and-package-manager-support/snyk-for-golang); however, I checked and you are right about it picking up iris.
The original issue in the framework itself has been fixed, but 12.2 is in the beta stage now, so I will update once it's out and the snyk issue will be gone as well.
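
Added example, not part of the thread and not sentry-go or Snyk code: `go list -m all` prints the whole build list, while `go list -json -deps` prints only the packages a build needs, so comparing the two shows which flagged modules provide no package to the build. The Go program below does this on constructed sample output; the `example.com` module paths and the helper name `GraphOnly` are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Constructed sample of `go list -m all` output (module paths are made up).
const sampleModules = `example.com/app
example.com/sdk v1.0.0
example.com/webframework v2.0.0
example.com/util v0.3.1`

// Constructed sample of `go list -json -deps ./...` output: a stream of
// concatenated JSON objects, one per package, not a JSON array.
const sampleDeps = `{"ImportPath":"fmt","Standard":true}
{"ImportPath":"example.com/util/strs","Module":{"Path":"example.com/util"}}
{"ImportPath":"example.com/sdk","Module":{"Path":"example.com/sdk"}}
{"ImportPath":"example.com/app","Module":{"Path":"example.com/app","Main":true}}`

// GraphOnly (hypothetical helper): build-list modules that provide no built package.
func GraphOnly(modList, depsJSON string) ([]string, error) {
	built := map[string]bool{}
	dec := json.NewDecoder(strings.NewReader(depsJSON))
	for {
		var p struct{ Module *struct{ Path string } }
		if err := dec.Decode(&p); err == io.EOF {
			break
		} else if err != nil {
			return nil, err
		}
		if p.Module != nil { // nil for standard-library packages
			built[p.Module.Path] = true
		}
	}
	var out []string
	for _, line := range strings.Split(modList, "\n") {
		if f := strings.Fields(line); len(f) > 0 && !built[f[0]] {
			out = append(out, f[0])
		}
	}
	return out, nil
}

func main() {
	fmt.Println(GraphOnly(sampleModules, sampleDeps))
}
```

On real input, feed it the output of both commands run from the same module directory; the result depends on the build tags and target platform in effect when `go list` ran.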

@marco-bianchi-bee

@kamilogorek hello, any progress on this? I had to remove sentry as a dependency because the security issues keep piling up.

@kamilogorek
Contributor

@marco-bianchi-bee security issues should be resolved in 0.14.0

cleptric self-assigned this Oct 27, 2022
cleptric linked an issue Oct 30, 2022 that may be closed by this pull request
@github-actions

github-actions bot commented Dec 7, 2022

This pull request has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Backlog or Status: In Progress, I will leave it alone ... forever!


"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

Successfully merging this pull request may close these issues.

Split sentry-go into multiple submodules