Skip to content

Commit

Permalink
Change uuid lib to fix vulnerability
Browse files Browse the repository at this point in the history 
Change github.com/satori/go.uuid to github.com/gofrs/uuid. The former is not a
maintained library, and since it has a critical vulnerability CVE-2021-3538
there's an ongoing discussion proposing to change it for the later.
  • Loading branch information
Félix Ortega Hortigüela committed Feb 28, 2022
1 parent e2ff660 commit ee7693e
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 2 deletions.
2 changes: 1 addition & 1 deletion collector/slave_hosts.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@ import (
"database/sql"

"github.com/go-kit/log"
"github.com/gofrs/uuid"
"github.com/prometheus/client_golang/prometheus"
"github.com/satori/go.uuid"
)

const (
Expand Down
3 changes: 2 additions & 1 deletion go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,12 @@ require (
github.com/DATA-DOG/go-sqlmock v1.5.0
github.com/go-kit/log v0.2.0
github.com/go-sql-driver/mysql v1.6.0
github.com/gofrs/uuid v4.2.0+incompatible
github.com/prometheus/client_golang v1.11.0
github.com/prometheus/client_model v0.2.0
github.com/prometheus/common v0.32.1
github.com/prometheus/exporter-toolkit v0.7.0
github.com/satori/go.uuid v1.2.0
github.com/satori/go.uuid v1.2.0 // indirect
github.com/smartystreets/goconvey v1.7.2
gopkg.in/alecthomas/kingpin.v2 v2.2.6
gopkg.in/ini.v1 v1.63.2
Expand Down
2 changes: 2 additions & 0 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,8 @@ github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KE
github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/gofrs/uuid v4.2.0+incompatible h1:yyYWMnhkhrKwwr8gAOcOCYxOOscHgDS9yZgBrnJfGa0=
github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
Expand Down

0 comments on commit ee7693e

Please sign in to comment.