SNOW-996366 Snyk: gosnowflake github.com/dvsekhvalnov/jose2go 1.5.0 | Snyk ID - SNYK-GOLANG-GITHUBCOMDVSEKHVALNOVJOSE2GO-6137739 #1015

Closed
github-actions bot opened this issue Dec 22, 2023 · 4 comments
Labels
security vulnerability Security vulnerability detected by WhiteSource

Comments

@github-actions

Title: Snyk: gosnowflake github.com/dvsekhvalnov/jose2go 1.5.0
Additional information on Snyk can be found here: https://snyk.io/org/snowflakedb-sca-scanning-public-repo/project/e47a210a-81f8-47cb-b232-3b98cf52c263
Repo: gosnowflake
CVE:
Package Type: golang
Package Name: github.com/dvsekhvalnov/jose2go
Package Version: 1.5.0
Snyk ID: SNYK-GOLANG-GITHUBCOMDVSEKHVALNOVJOSE2GO-6137739
Vulnerability URL: http://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDVSEKHVALNOVJOSE2GO-6137739
Severity: medium
Introduced Date: 2023-12-21
Projects with Vulnerability: snowflakedb/gosnowflake:go.mod
Target File: go.mod
JIRA Ticket: https://snowflakecomputing.atlassian.net/browse/SNOW-996366

@sfc-gh-dszmolka sfc-gh-dszmolka self-assigned this Dec 27, 2023
@sfc-gh-dszmolka sfc-gh-dszmolka added security vulnerability Security vulnerability detected by WhiteSource status-in_progress Issue is worked on by the driver team labels Dec 27, 2023
@sfc-gh-dszmolka
Contributor

Comes transitively from the dependency github.com/99designs/keyring, but version v1.6.0 of github.com/dvsekhvalnov/jose2go with the fix is already available.

A PR has already been made against 99designs/keyring to bump the dvsekhvalnov/jose2go dependency to v1.6.0; hopefully it gets merged soon.

@sfc-gh-dszmolka sfc-gh-dszmolka changed the title Snyk: gosnowflake github.com/dvsekhvalnov/jose2go 1.5.0 | Snyk ID - SNYK-GOLANG-GITHUBCOMDVSEKHVALNOVJOSE2GO-6137739 SNOW-996366 Snyk: gosnowflake github.com/dvsekhvalnov/jose2go 1.5.0 | Snyk ID - SNYK-GOLANG-GITHUBCOMDVSEKHVALNOVJOSE2GO-6137739 Jan 2, 2024
@sfc-gh-dszmolka
Contributor

#1020

@sfc-gh-dszmolka sfc-gh-dszmolka added status-pr_pending_merge A PR is made and is under review status-fixed_awaiting_release The issue has been fixed, its PR merged, and now awaiting the next release cycle of the connector. and removed status-in_progress Issue is worked on by the driver team status-pr_pending_merge A PR is made and is under review labels Jan 3, 2024
@sfc-gh-dszmolka
Contributor

PR merged, and will be part of the next (January) release.

@sfc-gh-dszmolka sfc-gh-dszmolka removed the status-fixed_awaiting_release The issue has been fixed, its PR merged, and now awaiting the next release cycle of the connector. label Jan 18, 2024
@sfc-gh-dszmolka
Contributor

Released with gosnowflake 1.7.2.

2 participants