cockroachdb / errors

Go error library with error portability over the network
Apache License 2.0

dependency mess #100

Closed tolidano closed 1 year ago

tolidano commented 1 year ago

so github.com/dgrijalva/jwt-go v3.2.0+incompatible has a high vuln in prisma.

echo 4.1.11 uses it: github.com/labstack/echo/v4@v4.1.11 github.com/dgrijalva/jwt-go@v3.2.0+incompatible

which is used by an old sentry-go: github.com/cockroachdb/sentry-go@v0.6.1-cockroachdb.2 github.com/labstack/echo/v4@v4.1.11

which is used by an old errors: github.com/cockroachdb/errors@v1.6.1 github.com/cockroachdb/sentry-go@v0.6.1-cockroachdb.2

which is used by an old datadriven: github.com/cockroachdb/datadriven@v1.0.1-0.20211007161720-b558070c3be0 github.com/cockroachdb/errors@v1.6.1

which is used by a newer errors: github.com/cockroachdb/errors@v1.8.8 github.com/cockroachdb/datadriven@v1.0.1-0.20211007161720-b558070c3be0

which is used by a newer datadriven: github.com/cockroachdb/datadriven@v1.0.1-0.20220214170620-9913f5bc19b7 github.com/cockroachdb/errors@v1.8.8

which is used by the newest errors: github.com/cockroachdb/errors@v1.9.0 github.com/cockroachdb/datadriven@v1.0.1-0.20220214170620-9913f5bc19b7

and I was hoping you might have some idea what I could do.

I see you have a 1.0.2 for datadriven: https://github.com/cockroachdb/datadriven/releases/tag/v1.0.2

so if you could just bump errors to 1.9.1 with that change (or maybe 1.9.2 if those 4 pending commits on master warrant it), that would maybe help?

knz commented 1 year ago

let's try it!

knz commented 1 year ago

here you are https://github.com/cockroachdb/errors/releases/tag/v1.9.1

tolidano commented 1 year ago

trying, but either way, I really appreciate your super fast response and action

knz commented 1 year ago

thanks to you for reporting this. we wouldn't have noticed otherwise.