RichardKnop / machinery

Machinery is an asynchronous task queue/job queue based on distributed message passing.
Mozilla Public License 2.0
7.52k stars 914 forks

The pubsub version is outdated and has a vulnerability. #795

Open key-R-hash opened 9 months ago

key-R-hash commented 9 months ago

The pubsub v1.10.0 that our machinery uses includes grpc, which has a vulnerability fixed in v1.58.3. You can find the vulnerability report here: https://pkg.go.dev/vuln/GO-2023-2153.

Please update the pubsub package to a higher version.❤️