Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Switch uuid package to get around GO-2020-0018 #876

Merged
merged 2 commits into from
Oct 18, 2022

Conversation

rutgerc-klarrio
Copy link
Contributor

Replace the github.com/satori/go.uuid package with the github.com/google/uuid
package to work around the GO-2020-0018 vulnerability.
The vulnerability is fixed in satori/go.uuid#75,
but a release has never been tagged.

@sgotti
Copy link
Member

sgotti commented May 30, 2022

@rutgerc-klarrio Thanks for the PR, in other packages I preferred to use of https://github.com/gofrs/uuid: agola-io/agola#311

@rutgerc-klarrio
Copy link
Contributor Author

I've changed the uuid lib with the gofrs uuid package, I have no preference for one over the other.

@sgotti
Copy link
Member

sgotti commented May 31, 2022

@rutgerc-klarrio Thanks, can you please squash in a single commit?

Replace the github.com/satori/go.uuid package with the github.com/gofrs/uuid
package to work around the GO-2020-0018 vulnerability.
The vulnerability is fixed in satori/go.uuid#75,
but a release has never been tagged.
@rutgerc-klarrio
Copy link
Contributor Author

@rutgerc-klarrio Thanks, can you please squash in a single commit?

Done.

@sgotti
Copy link
Member

sgotti commented Oct 18, 2022

Thanks. Merging.

@sgotti sgotti merged commit 1551f11 into sorintlab:master Oct 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants