update Alpine and Golang #102
Conversation
use Go 1.17 and Alpine 3.15
|
I agree with making these updates, but similar to #101 (comment) (see also #98), I want to make sure I'm not merging this with a false expectation -- I do not plan to make a new release with these updates unless there's a more compelling reason to do so than "my security scanner says it's vulnerable" (because the scan result itself is an overzealous scanner -- ultimately the vulnerability is a false positive). |
|
Would you also be willing to update (I'm happy to take over from here if you'd prefer!) |
| require github.com/opencontainers/runc v1.1.0 | ||
|
|
||
| require ( |
There was a problem hiding this comment.
This split is interesting -- is this something the go tooling did automatically?
There was a problem hiding this comment.
Because the number of explicit requirements may be substantially larger in an expanded Go 1.17 go.mod file, the newly-added requirements on indirect dependencies in a go 1.17 module are maintained in a separate require block from the block containing direct dependencies.
it seems native in Golang 1.17 : https://go.dev/doc/go1.17#tools
I fixed it |
|
Thanks! |
|
@tianon I have a question about this change. Shouldn't also the version of gosu be updated from 1.14 to 1.15 for other tools using this library to be able to get this change? |
|
See #104 -- I do not plan to rebuild/release a new version of This PR was merged because it's generally a good idea to keep up-to-date, and I want to make sure that if/when there is a new release of |
use Go 1.17 and Alpine 3.15