Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: avoid satori/go.uuid dep due to vulnerability #108

Merged
merged 1 commit into from
Apr 7, 2021
Merged

fix: avoid satori/go.uuid dep due to vulnerability #108

merged 1 commit into from
Apr 7, 2021

Conversation

padamstx
Copy link
Member

@padamstx padamstx commented Apr 7, 2021

PR summary

This PR contains changes to avoid the use of the github.com/satori/go.uuid dependency because it has been found to contain a vulnerability: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488?utm_medium=Partner&utm_source=IBM-Cloud&utm_campaign=DevOps-Code-Risk-Analyzer-Integrates-Snyk-Intel

Instead, the code now uses the github.com/google/uuid package.

PR Checklist

Please make sure that your PR fulfills the following requirements:

  • The commit message follows the Angular Commit Message Guidelines.
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)

Current vs new behavior

Does this PR introduce a breaking change?

  • Yes
  • No

Other information

@padamstx padamstx self-assigned this Apr 7, 2021
@padamstx padamstx merged commit b73e9d4 into main Apr 7, 2021
@padamstx padamstx deleted the fix-satori-uuid-vulnerability branch April 7, 2021 20:58
ibm-devx-automation pushed a commit that referenced this pull request Apr 7, 2021
@semantic-release-bot
chore(release): 0.18.7 release notes [skip ci]
64f84d9 
## [0.18.7](v0.18.6...v0.18.7) (2021-04-07)

### Bug Fixes

* avoid satori/go.uuid dep due to vulnerability ([#108](#108)) ([b73e9d4](b73e9d4))
@ibm-devx-automation
Copy link

🎉 This PR is included in version 0.18.7 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@padamstx padamstx

Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@padamstx @ibm-devx-automation