xo / usql

Universal command-line interface for SQL databases
MIT License
9.08k stars, 352 forks

Urgent security alert: trojan detected in current usql version #491

Closed. calebeaires closed this 1 month ago

calebeaires commented 1 month ago

The latest release (v0.19.3) contains a dependency that introduces a Trojan vulnerability. Specifically, the library github.com/gabriel-vasile/mimetype (v1.4.4) has been confirmed to include a Trojan, as reported on its GitHub repository.

It is crucial to address this issue promptly to ensure the security and integrity of users. A quick fix is important to prevent potential exploitation and to maintain trust in your software infrastructure. Immediate action should be taken to update or replace the affected library with a secure version.

The library author has already fixed the issue; please apply it.

tuliomitico commented 1 month ago

It's time to fix this in a new release!

kenshaw commented 1 month ago

Thanks for bringing this to my attention. As I'm not able to fully audit all dependencies, the only recourse here is to remove the snowflake driver. I'll notify the snowflake authors and (humbly) ask them to remove this indirect dependency.
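
Added example, not code from the thread or from usql: a small Python script that parses `go mod graph` output and reports which direct dependency pulls a flagged module version into a build, which is the check behind dropping the snowflake driver rather than the whole dependency set. The sample graph, the gosnowflake/dburl edges and their versions are constructed assumptions, not usql's real dependency graph.

```python
"""Locate the dependency chain that pulls a flagged module into a Go build.
Input is `go mod graph` output: one "<dependent> <dependency>" line per edge,
nodes written as path@version, the root module without a version."""
from collections import defaultdict

# CONSTRUCTED sample of `go mod graph` output, not usql's real module graph;
# the gosnowflake/dburl edges and versions are illustrative assumptions.
SAMPLE_GRAPH = """\
github.com/xo/usql github.com/snowflakedb/gosnowflake@v0.0.0-constructed
github.com/xo/usql github.com/xo/dburl@v0.0.0-constructed
github.com/snowflakedb/gosnowflake@v0.0.0-constructed github.com/gabriel-vasile/mimetype@v1.4.4
github.com/xo/dburl@v0.0.0-constructed golang.org/x/net@v0.0.0-constructed
"""
FLAGGED_MODULE = "github.com/gabriel-vasile/mimetype"
FLAGGED_VERSIONS = {"v1.4.4"}  # the version reported in the issue

def parse_graph(text):
    """Build an adjacency map from `go mod graph` lines."""
    edges = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            edges[parts[0]].append(parts[1])
    return edges

def split_mod(node):
    """'path@version' -> (path, version); the root module has no version."""
    path, _, version = node.partition("@")
    return path, version

def find_paths(edges, root, flagged=FLAGGED_MODULE, versions=FLAGGED_VERSIONS):
    """Every chain root -> ... -> flagged module at one of the flagged versions."""
    hits = []
    def walk(node, chain, seen):
        path, version = split_mod(node)
        if path == flagged and version in versions:
            hits.append(chain + [node])
            return
        if node in seen:  # module graphs can contain cycles
            return
        for nxt in edges.get(node, []):
            walk(nxt, chain + [node], seen | {node})
    walk(root, [], frozenset())
    return hits

def direct_deps_to_drop(edges, root, **kw):
    """Direct dependencies through which a flagged chain enters the build."""
    return sorted({split_mod(p[1])[0] for p in find_paths(edges, root, **kw) if len(p) > 1})
```

Against a real checkout, feed the output of `go mod graph` to parse_graph and cross-check with `go mod why -m github.com/gabriel-vasile/mimetype`. Note that `go mod graph` lists every required version, not only the one minimal version selection actually builds, so confirm the selected version with `go list -m all`.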

calebeaires commented 1 month ago

Thanks for the quick response. I thought it was just about updating the github.com/gabriel-vasile/mimetype dependency. Snowflake is an important component for us, but it would be better to remove it and address the issue quickly.

Please, @kenshaw, consider this in the next release as well: Update databricks (https://github.com/xo/usql/issues/484)

calebeaires commented 1 month ago

Thank you @kenshaw, much appreciated