-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
github.com/satori/uuid has security issues #308
Comments
Migrate doesn't have a direct dependency on github.com/satori/uuid |
Right, |
It's actually a Cockroachdb's dependancy:
So we can close this issue and open one on their repo. |
Thanks @thesoulless for the pointer! Looks like The issue is already fixed in cockroachdb I updated the driver |
Describe the Bug
Current golang-migrate version uses the package github.com/satori/uuid, which has security issues and seems to be no longer maintained. There is a drop-in replacement github.com/gofrs/uuid by a team who forked satori/uuid, removed the issues and maintains the lib.
Steps to Reproduce
Check module dependencies.
Expected Behavior
Use github.com/gofrs/uuid (satori/uuid compatible interface) or google/uuid.
Migrate Version
v4.7.0
Go Version
go version go1.13 linux/amd64
The text was updated successfully, but these errors were encountered: