Skip to content

tests/dnstap: let Go handle its transitive dependencies

Oto Šťáva requested to merge dependabot-fixes into master

Dependabot reported that we have some vulnerable dependencies. The problem is that the ones it wants to bump to do not support older Go versions, which we need to use due to some distros not having the most recent Go packages available.

The go.sum file contains the outdated ones (because I tried with an older Go), but as far as I can tell, from Go docs and other places, it is actually not a lockfile, so newer Go should update the packages regardless of what is in go.sum.

Merge request reports