Users of go-openapi/strfmt have started to see security vulnerabilities related to the github.com/gobuffalo/packr/v2 module. go-openapi/strfmt defines go.mongodb.org/mongo-driver as a dependency, which in turn defines github.com/gobuffalo/packr/v2 as a dependency.
Link to Snyk: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOBUFFALOPACKRV2-1920670
Opening this issue since a new version of mongo-driver will require at least a small change to strfmt to use the new version.
Is there anything that can be done within the strfmt module itself to alleviate this?
Update: the mongo-go-driver team plans to deliver a new release (1.8.0) of their package next week which should remove entirely their dependency on the "packr/v2" module. At that time, I can submit a PR that bumps the mongo-go-driver dependency to that new version and that should address the vulnerability.
The mongo-driver team delivered a change in version 1.7.5 that completely removes the packr/v2 dependency (plus others).
I've opened this PR to modify the strfmt project to use this new mongo-driver version: #93