Use of retracted Brotli package due to downstream dependency #330

a-h · 2021-10-26T16:50:07Z

Attempting to get v1.6.0 results in a warning about the brotli package.

$ go get github.com/aws/aws-xray-sdk-go/xray
go: warning: github.com/andybalholm/brotli@v1.0.1: retracted by module author: occasional panics and data corruption
go: to switch to the latest unretracted version, run:
        go get github.com/andybalholm/brotli@latest

This is due to downstream dependency on fasthttp:

$ go mod why github.com/andybalholm/brotli  
# github.com/andybalholm/brotli
# <my package - redacted>
github.com/aws/aws-xray-sdk-go/xray
github.com/valyala/fasthttp
github.com/andybalholm/brotli

fasthttp was updated to use v1.0.2 on the 17th May in this PR:

valyala/fasthttp#1029
valyala/fasthttp@5898006

So, any version after https://github.com/valyala/fasthttp/releases/tag/v1.25.0 would work fine.

A version bump should do it.

The text was updated successfully, but these errors were encountered:

* bump fasthttp dependency, fixes #330 * update go.sum

a-h added a commit to a-h/aws-xray-sdk-go that referenced this issue Oct 26, 2021

bump fasthttp dependency, fixes aws#330

c2dcf9b

a-h mentioned this issue Oct 26, 2021

bump fasthttp dependency, fixes #330 #331

Merged

bhautikpip closed this as completed in #331 Oct 27, 2021

bhautikpip pushed a commit that referenced this issue Oct 27, 2021

bump fasthttp dependency, fixes #330 (#331)

8ec6677

* bump fasthttp dependency, fixes #330 * update go.sum

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use of retracted Brotli package due to downstream dependency #330

Use of retracted Brotli package due to downstream dependency #330

a-h commented Oct 26, 2021

Use of retracted Brotli package due to downstream dependency #330

Use of retracted Brotli package due to downstream dependency #330

Comments

a-h commented Oct 26, 2021