auxten / postgresql-parser

Pure Golang PostgreSQL (SQL:2011, SQL:2008, SQL:2003, SQL:1999, and SQL-92 Standard) Parser
Apache License 2.0

Dependency security warning #17

Closed a631807682 closed 2 years ago

a631807682 commented 2 years ago

I am getting a high-severity security warning. Can we update this dependency?

Improper Input Validation in GoGo Protobuf

| Package | Affected versions | Patched version |
| --- | --- | --- |
| github.com/gogo/protobuf (Go) | < 1.3.2 | 1.3.2 |

An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.

auxten commented 2 years ago

Yes, can you create a pull request for that?
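One way to check a `go.mod` against the advisory quoted in this thread, as an added example that is not code from the thread or from the project. The function names `requiredVersion` and `affected` and the sample `go.mod` are constructed for illustration, and `replace` directives are assumed not to be in play.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const target = "github.com/gogo/protobuf"
var patched = [3]int{1, 3, 2} // patched version named in the advisory

// requiredVersion returns the version a go.mod requires for target, or "".
// Assumption: replace directives are not followed.
func requiredVersion(gomod string) string {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && f[0] == target && strings.HasPrefix(f[1], "v") {
			return f[1]
		}
	}
	return ""
}

// affected reports whether v sorts before the patched release. Pre-release and
// pseudo-versions of the patched base count as earlier; unparsable input is flagged.
func affected(v string) bool {
	v = strings.SplitN(strings.TrimPrefix(v, "v"), "+", 2)[0]
	bp := strings.SplitN(v, "-", 2)
	parts := strings.Split(bp[0], ".")
	if len(parts) != 3 {
		return true
	}
	for i, p := range parts {
		if n, err := strconv.Atoi(p); err != nil || n < patched[i] {
			return true
		} else if n > patched[i] {
			return false
		}
	}
	return len(bp) == 2
}

// Constructed go.mod for illustration; not this repository's file.
const sample = "module example.com/app\n\nrequire (\n\texample.com/other v1.0.0\n\t" +
	"github.com/gogo/protobuf v1.3.1 // indirect\n)\n"

func main() {
	v := requiredVersion(sample)
	fmt.Printf("%s %s affected=%v\n", target, v, v != "" && affected(v))
}
```

The dependency is often pulled in indirectly, so the check reads `// indirect` lines as well as direct requirements.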