go-gorm / postgres

GORM PostgreSQL driver
MIT License

New version/tag #275

Closed anilsenay closed 2 months ago

anilsenay commented 3 months ago

Your Question

Is there any plan to create a new version tag for the postgres package? The latest one, v.1.5.7, is from Mar 9, 2024, and there are some commits after that, including mine.

The document you expected this should be explained

Expected answer

I was wondering if there is any plan or schedule for versioning.

AgrimPrasad commented 3 months ago

govulncheck also highlights a security issue in a dependency which is fixed on the latest master branch commit, but not in the tag v1.5.7. Could we please release a new version?

Vulnerability #1: GO-2024-2606
    SQL injection in github.com/jackc/pgproto3 and github.com/jackc/pgx
  More info: https://pkg.go.dev/vuln/GO-2024-2606
  Module: github.com/jackc/pgx/v5
    Found in: github.com/jackc/pgx/v5@v5.4.3
    Fixed in: github.com/jackc/pgx/v5@v5.5.4

anilsenay commented 3 months ago

@jinzhu @a631807682 👆

PeterBocan commented 3 months ago

The author seems to be very unresponsive (for weeks now).

jinzhu commented 2 months ago

Just released a new version. Sorry for the delay, but I have been quite busy over the past month.
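
A check one could run after bumping the dependency, as an added example (not code from the gorm or pgx projects): it reads `go list -m all` output and reports whether the resolved `github.com/jackc/pgx/v5` is older than the fixed version named in the govulncheck output above. The function names and the sample listing are constructed for illustration; versions are compared as plain MAJOR.MINOR.PATCH, with any pre-release or pseudo-version suffix treated as older than the release.

```go
package main

import (
	"fmt"
	"strings"
)

// Module path and fixed version are taken from the govulncheck output quoted in the thread.
const vulnModule, fixedIn = "github.com/jackc/pgx/v5", "v5.5.4"

// Constructed sample of `go list -m all` output for an app pinned to driver tag v1.5.7.
const sample = "example.com/app\ngithub.com/jackc/pgx/v5 v5.4.3\ngorm.io/driver/postgres v1.5.7\n"

// olderThanFix reports whether version v sorts before fixedIn.
func olderThanFix(v string) (bool, error) {
	var a, b [3]int
	core, _, _ := strings.Cut(v, "+") // build metadata does not affect ordering
	if _, err := fmt.Sscanf(core, "v%d.%d.%d", &a[0], &a[1], &a[2]); err != nil {
		return false, fmt.Errorf("not a semantic version: %q", v)
	}
	fmt.Sscanf(fixedIn, "v%d.%d.%d", &b[0], &b[1], &b[2])
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i], nil
		}
	}
	return strings.Contains(core, "-"), nil // equal numbers: a pre-release precedes the release
}

// resolvedVersion finds vulnModule in `go list -m all` output; for a replaced
// module ("old v1 => new v2") the last field is the version actually built.
func resolvedVersion(listing string) (string, bool) {
	for _, line := range strings.Split(listing, "\n") {
		if f := strings.Fields(line); len(f) >= 2 && f[0] == vulnModule {
			return f[len(f)-1], true
		}
	}
	return "", false
}

func main() {
	v, found := resolvedVersion(sample)
	old, err := olderThanFix(v)
	fmt.Println("found:", found, "version:", v, "older than fix:", old, "error:", err)
}
```

A module replaced by a local directory has no version in the listing, so `olderThanFix` returns an error for it and that copy needs checking by hand.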