
Security: Uncaught Exception Violation found by Snyk

Open leslie-corbalt opened this issue 1 year ago • 3 comments

I have the following required packages in go.mod:

github.com/jackc/pgx/v5 v5.6.0
github.com/jmoiron/sqlx v1.3.5

My code imports:

"github.com/jmoiron/sqlx"
_ "github.com/jackc/pgx/v5/stdlib"

Snyk found a vulnerability, Uncaught Exception in pgx/v4, introduced through github.com/jackc/[email protected].

[image]

leslie-corbalt, Jul 19 '24 15:07

It was introduced on July 2, 2024:

[image]

leslie-corbalt, Jul 19 '24 15:07

I have no idea what Snyk is doing. But every time a Snyk issue has been raised before it has been a false positive.

jackc, Jul 22 '24 22:07

I notice that the OP imports .../V5/stdlib yet the Snyk report references V4/stdlib...

randecarlson, Sep 06 '24 12:09