sorintlab / stolon

PostgreSQL cloud native High Availability and more.
https://talk.stolon.io
Apache License 2.0
4.62k stars 443 forks

Switch uuid package to get around GO-2020-0018 #876

Closed rutgerc-klarrio closed 1 year ago

rutgerc-klarrio commented 2 years ago

Replace the github.com/satori/go.uuid package with the github.com/google/uuid package to work around the GO-2020-0018 vulnerability. The vulnerability is fixed in https://github.com/satori/go.uuid/pull/75, but a release has never been tagged.

sgotti commented 2 years ago

@rutgerc-klarrio Thanks for the PR. In other packages I preferred to use https://github.com/gofrs/uuid: https://github.com/agola-io/agola/pull/311

rutgerc-klarrio commented 2 years ago

I've changed the uuid lib to the gofrs uuid package; I have no preference for one over the other.

sgotti commented 2 years ago

@rutgerc-klarrio Thanks, can you please squash in a single commit?

rutgerc-klarrio commented 2 years ago

> @rutgerc-klarrio Thanks, can you please squash in a single commit?

Done.

sgotti commented 1 year ago

Thanks. Merging.