diff --git a/.trivyignore b/.trivyignore index af57e18d..07a5ef66 100644 --- a/.trivyignore +++ b/.trivyignore @@ -1,2 +1,4 @@ # Allow https://nvd.nist.gov/vuln/detail/CVE-2020-26160 (JWT unused, still waiting for child deps upgrade) -CVE-2020-26160 \ No newline at end of file +CVE-2020-26160 +# https://avd.aquasec.com/nvd/2022/cve-2022-27664/ golang.org/x/net is a peer dep of many of our dependencies, require Go 1.18.6+ +CVE-2022-27664 \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index edd879b8..dabbada6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,9 @@ ## Unreleased - ... +## 2022-09-13 +- Hotfix: Previously there was a chance of recursive error wrapping within our [`internal/api/router/error_handler.go`](https://github.com/allaboutapps/go-starter/blob/master/internal/api/router/error_handler.go) in combination with `*echo.HTTPError`. We currently disable this wrapping (as not used anyways) and will schedule a cleaner update regarding this error augmentation approach. + ## 2022-04-15 - Switch [from Go 1.17.1 to Go 1.17.9](https://go.dev/doc/devel/release#go1.17.minor) (requires `./docker-helper.sh --rebuild`). - **BREAKING** Add [`tenv`](https://github.com/sivchari/tenv) and [`errorlint`](https://github.com/polyfloyd/go-errorlint) linter to our default `.golangci.yml` configuration.