Security: Uncaught Exception Violation found by Snyk

jackc / pgx

PostgreSQL driver and toolkit for Go

MIT License

10.35k stars 818 forks source link

Open leslie-corbalt opened 1 month ago

leslie-corbalt commented 1 month ago

I have the following required packages in go.mod: github.com/jackc/pgx/v5 v5.6.0 github.com/jmoiron/sqlx v1.3.5

My code imports: "github.com/jmoiron/sqlx" "_ github.com/jackc/pgx/v5/stdlib"

Snyk found a vulnerability, Uncaught Exception in pgx/v4, introduced through github.com/jackc/pgx@v5.6.0.

leslie-corbalt commented 1 month ago

It was introduced on July 2, 2024:

jackc commented 1 month ago

I have no idea what Snyk is doing. But every time a Snyk issue has been raised before it has been a false positive.

randecarlson commented 1 week ago

I notice that the OP imports .../V5/stdlib yet the snyk report references V4/stdlib...