Security: Uncaught Exception Violation found by Snyk #2092

Open
leslie-corbalt opened this issue Jul 19, 2024 · 3 comments


leslie-corbalt commented Jul 19, 2024

I have the following required packages in go.mod:
github.com/jackc/pgx/v5 v5.6.0
github.com/jmoiron/sqlx v1.3.5

My code imports:
"github.com/jmoiron/sqlx"
_ "github.com/jackc/pgx/v5/stdlib"

Snyk found a vulnerability, Uncaught Exception in pgx/v4, introduced through
github.com/jackc/pgx@v5.6.0.

image

@leslie-corbalt
Author

It was introduced on July 2, 2024:

image

@jackc
Owner

jackc commented Jul 22, 2024

I have no idea what Snyk is doing. But every time a Snyk issue has been raised before it has been a false positive.

@randecarlson

I notice that the OP imports .../V5/stdlib yet the Snyk report references V4/stdlib...
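
The v4/v5 mismatch raised in this thread can be checked against the build list, because under Go's semantic import versioning `github.com/jackc/pgx/v4` and `github.com/jackc/pgx/v5` are separate modules. The helper below is an added example, not part of the thread or of pgx; the function names and the sample `go list -m all` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helper for a dependency-scanner finding.
# Reads `go list -m all` output on stdin (one "<module path> <version>" per
# line; the main module has no version) and reports which major-version
# modules under a base path are in the build list.

# Constructed sample mirroring the go.mod quoted in the issue.
SAMPLE='github.com/example/app
github.com/jackc/pgpassfile v1.0.0
github.com/jackc/pgx/v5 v5.6.0
github.com/jmoiron/sqlx v1.3.5'

# module_majors BASE
# Prints "<module> <version>" for BASE itself (v0/v1) and for BASE/vN.
module_majors() {
    awk -v base="$1" '
        $1 == base || index($1, base "/v") == 1 {
            suffix = substr($1, length(base) + 1)   # "" or "/vN"
            if (suffix == "" || suffix ~ /^\/v[0-9]+$/)
                print $1, $2
        }'
}

# finding_applies BASE ADVISORY_MODULE
# Exit status 0 only if the module named by the advisory is in the build list.
finding_applies() {
    module_majors "$1" |
        awk -v m="$2" '$1 == m { found = 1 } END { exit !found }'
}

# Demo on the constructed sample: only pgx/v5 is listed.
printf '%s\n' "$SAMPLE" | module_majors github.com/jackc/pgx

if printf '%s\n' "$SAMPLE" |
    finding_applies github.com/jackc/pgx github.com/jackc/pgx/v4
then
    echo "advisory module is in the build list: review the finding"
else
    echo "advisory module is not in the build list"
fi
```

Against a real project, pipe `go list -m all` into `module_majors github.com/jackc/pgx`; if a v4 line does appear, `go mod why -m github.com/jackc/pgx/v4` shows which import chain pulls it in.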
