You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The package github.com/satori/go.uuid@v1.2.0 introduces a vulnerabiltiy to the postgres driver for gorm, meaning we cannot use the default postgres driver and would need to write our own driver to get past this. Wondering if it would be possible to have the dependency github.com/satori/go.uuid@v1.2.0 updated or removed.
Details of vulnerability:
Affected versions of this package are vulnerable to Insecure Randomness producing predictable UUID identifiers due to the limited number of bytes read when using the g.rand.Read function.
The text was updated successfully, but these errors were encountered:
Playground link - N/A
The package github.com/satori/go.uuid@v1.2.0 introduces a vulnerabiltiy to the postgres driver for gorm, meaning we cannot use the default postgres driver and would need to write our own driver to get past this. Wondering if it would be possible to have the dependency
github.com/satori/go.uuid@v1.2.0
updated or removed.Details of vulnerability:
Affected versions of this package are vulnerable to Insecure Randomness producing predictable UUID identifiers due to the limited number of bytes read when using the g.rand.Read function.
The text was updated successfully, but these errors were encountered: