cyrilgdn / terraform-provider-postgresql

Terraform PostgreSQL provider
https://www.terraform.io/docs/providers/postgresql/
Mozilla Public License 2.0

Bump Go version to 1.19.9 - 1.20.4+ #310

Closed azuterios closed 12 months ago

azuterios commented 1 year ago

Terraform Version

Terraform version 1.4.6
PostgreSQL provider 1.19.0

Affected Resource(s)

Dear Cyrilgdn team, please bump the Golang version to at least 1.19.9 - 1.20.4+ or to the latest one. During a vulnerability scan, the package lists these vulnerabilities: CVE-2022-2880, CVE-2023-24540, CVE-2023-24538, CVE-2023-24539, CVE-2023-24536.

These vulnerabilities are coming from the outdated Golang version.

Expected Behavior

Vulnerability scan should pass

Actual Behavior

Vulnerabilities are coming up and the deployment fails

kylejohnson commented 12 months ago

This was resolved in #315

kylejohnson commented 12 months ago

Forgot to ask - where do you get these scan results from? May be worth adding to our test suite.

azuterios commented 11 months ago

First off, thank you for the swift change @kylejohnson! These vulnerabilities are coming from Prisma Cloud Twistlock scans.