This library depends on github.com/jackc/pgx/v4, which in turn uses the github.com/satori/go.uuid library (the proof is https://github.com/jackc/pgx/blob/v4.17.2/go.sum#L103). The library that is used for UUID generation is not maintained anymore and has a known security issue: satori/go.uuid#120
The possible solution
Upgrade the used library to pgx/v5, where the dependency on satori/go.uuid is completely absent.
Still no release (1.4.6) here? github.com/jackc/pgx/v4 was also somehow importing a vulnerable golang.org/x/crypto version, see https://www.cve.org/CVERecord?id=CVE-2020-9283
Seems to be fixed in github.com/jackc/pgx/v5.
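Added example, not code from this project or from pgx: a small Go checker for the kind of go.sum evidence cited in the issue. It reports the watched modules and separates versions recorded only through a `/go.mod` hash (needed to resolve the module graph) from versions whose source-tree hash is recorded as well. `AuditGoSum`, `Finding` and the sample lines, with placeholder versions and hashes, are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Finding describes how one watched module version appears in go.sum.
type Finding struct {
	Module, Version string
	GoModOnly       bool // only the "/go.mod" hash is present, no source-tree hash
}

// AuditGoSum scans go.sum text, one "<module> <version>[/go.mod] <hash>" per line.
func AuditGoSum(goSum string, watched map[string]bool) []Finding {
	var out []Finding
	index := map[string]int{} // "module@version" -> position in out
	sc := bufio.NewScanner(strings.NewReader(goSum))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) != 3 || !watched[f[0]] {
			continue
		}
		ver := strings.TrimSuffix(f[1], "/go.mod")
		id := f[0] + "@" + ver
		i, seen := index[id]
		if !seen {
			i, index[id] = len(out), len(out)
			out = append(out, Finding{Module: f[0], Version: ver, GoModOnly: true})
		}
		if ver == f[1] { // no "/go.mod" suffix: hash of the module source tree
			out[i].GoModOnly = false
		}
	}
	return out
}

// Constructed sample: versions and hashes are placeholders, not taken from pgx.
const sampleGoSum = `github.com/satori/go.uuid v9.9.9 h1:PLACEHOLDER-A=
github.com/satori/go.uuid v9.9.9/go.mod h1:PLACEHOLDER-B=
golang.org/x/crypto v9.9.8/go.mod h1:PLACEHOLDER-C=
github.com/example/other v1.0.0 h1:PLACEHOLDER-D=
`

func main() {
	fmt.Printf("%+v\n", AuditGoSum(sampleGoSum, map[string]bool{"github.com/satori/go.uuid": true, "golang.org/x/crypto": true}))
}
```

A go.sum entry alone does not show that the module is compiled into the binary; `go mod why -m <module>` shows whether the main module actually needs it.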