Bump up various versions to clear out vulnerabilities #29

Open
n4zukker wants to merge 11 commits into tobert:main from n4zukker:main


@n4zukker n4zukker commented May 4, 2026

This PR addresses vulnerabilities found by a jfrog/artifactory X-ray scan. Please see #28.

The versions for go, otel and grpc are bumped up. Those newer versions have resolved the vulnerabilities and bringing them in clears everything up. Those are the changes in go.mod and go.sum.

The change in main_test.go fixes an error about typing. And the changes to the other two files fix the logging so that messages are always written out without any percent signs being accidentally interpreted as formatting characters.

My golang is a little rusty (no pun intended) so please adjust the code however you like.

Errors fixed in this codebase:

build: main_test.go#L558 (*testing.common).Logf format %q has arg cliOut of wrong type bytes.Buffer
build: otelcli/otlpclient.go#L21 non-constant format string in call to (github.com/tobert/otel-cli/otelcli.Config).SoftFail
build: otelcli/config.go#L398 non-constant format string in call to (github.com/tobert/otel-cli/otelcli.Config).SoftFail
build: otelcli/config.go#L371 non-constant format string in call to (github.com/tobert/otel-cli/otelcli.Config).SoftLog
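
Added example, not part of this PR or of otel-cli's code: a small Go program showing why a message passed as the format string gets corrupted when it contains a percent sign, and how a constant `"%s"` format avoids it. The names `softLogBefore`, `softLogAfter`, `mangled` and `samples` are hypothetical stand-ins; the real `SoftLog` and `SoftFail` signatures are not shown on this page, and the sample messages are constructed.

```go
package main

import "fmt"

// noArgs is an empty argument list. Spreading it keeps this file clean under
// go vet; with no arguments at all, the call below is the pattern reported as
// "non-constant format string".
var noArgs []interface{}

// softLogBefore (hypothetical) uses the message itself as the format string,
// so any '%' inside the message is parsed as a formatting verb.
func softLogBefore(msg string) string {
	return fmt.Sprintf(msg, noArgs...)
}

// softLogAfter (hypothetical) uses a constant format and passes the message
// as data, so it is written out byte for byte.
func softLogAfter(msg string) string {
	return fmt.Sprintf("%s", msg)
}

// mangled returns the output of every message the logger did not reproduce
// exactly as it was passed in.
func mangled(log func(string) string, msgs []string) []string {
	var bad []string
	for _, m := range msgs {
		if out := log(m); out != m {
			bad = append(bad, out)
		}
	}
	return bad
}

// samples are constructed messages: one plain, one with a percent-encoded
// URL, one ending in a literal percent sign.
var samples = []string{
	"connection refused",
	"POST https://collector.example/v1/traces?name=a%20b failed",
	"export stalled at 100%",
}

func main() {
	for _, out := range mangled(softLogBefore, samples) {
		fmt.Println("before:", out)
	}
	fmt.Println("mangled after fix:", len(mangled(softLogAfter, samples)))
}
```

The percent-encoded URL and the trailing `%` are the kinds of input that reach a logger through error strings and endpoint addresses, which is why the message has to be treated as data rather than as a format.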
