Replace satori/uuid with its well-maintained fork #1372

Merged
merged 4 commits into from
Oct 26, 2021

lvrach commented Oct 25, 2021

Needs https://github.com/rudderlabs/rudder-server-enterprise/pull/50

Issue

"github.com/satori/go.uuid" has the following vulnerability.

✗ High severity vulnerability found in github.com/satori/go.uuid
  Description: Insecure Randomness
  Info: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
  Introduced through: github.com/satori/[email protected]
  From: github.com/satori/[email protected]

However, this library is no longer maintained (satori/go.uuid#115).

Solution

Fortunately, good people have forked and actively maintain this library https://github.com/gofrs/uuid.

I have replaced all imports of the unmaintained library with the new one.
I also had to replace: uuid.NewV4() -> uuid.Must(uuid.NewV4()), because the new library returned an error along with the uuid.
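
As an added illustration (not code from this pull request or from gofrs/uuid), the following standard-library sketch shows why a random UUID constructor returns an error and what a `Must`-style wrapper does with it: a failing entropy source becomes a visible error or panic instead of a partially filled identifier. The names `newV4From`, `must` and `failingReader` are hypothetical, and the failing reader is a constructed test input.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// UUID is a local 16-byte type for this example, not the library's type.
type UUID [16]byte

func (u UUID) String() string {
	return fmt.Sprintf("%x-%x-%x-%x-%x", u[0:4], u[4:6], u[6:8], u[8:10], u[10:16])
}

// newV4From builds a version 4 UUID from r; io.ReadFull reports short reads as errors.
func newV4From(r io.Reader) (UUID, error) {
	var u UUID
	if _, err := io.ReadFull(r, u[:]); err != nil {
		return UUID{}, fmt.Errorf("uuid: entropy read failed: %w", err)
	}
	u[6] = (u[6] & 0x0f) | 0x40 // version 4
	u[8] = (u[8] & 0x3f) | 0x80 // RFC 4122 variant
	return u, nil
}

// must has the same call shape as Must(NewV4()): it panics rather than returning err.
func must(u UUID, err error) UUID {
	if err != nil {
		panic(err)
	}
	return u
}

// failingReader is a constructed entropy source: 4 bytes once, then an error.
type failingReader struct{ done bool }
func (f *failingReader) Read(p []byte) (int, error) {
	if f.done {
		return 0, errors.New("entropy source unavailable")
	}
	f.done = true
	return copy(p, []byte{0xde, 0xad, 0xbe, 0xef}), nil
}

func main() {
	fmt.Println(must(newV4From(rand.Reader)))
	fmt.Println(newV4From(&failingReader{}))
}
```

Wrapping every call in a `Must`-style helper keeps call sites unchanged but turns an entropy failure into a process panic; code on a request path may prefer to handle the returned error explicitly.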

codecov bot commented Oct 25, 2021

Codecov Report

Merging #1372 (32baa3a) into master (109a9cb) will increase coverage by 0.34%.
The diff coverage is 47.03%.

@@            Coverage Diff             @@
##           master    #1372      +/-   ##
==========================================
+ Coverage   22.45%   22.79%   +0.34%     
==========================================
  Files         116      116              
  Lines       22148    22269     +121     
==========================================
+ Hits         4973     5076     +103     
- Misses      16857    16879      +22     
+ Partials      318      314       -4     

| Impacted Files | Coverage Δ |
| --- | --- |
| event-schema/event_schema.go | 0.00% <0.00%> (ø) |
| event-schema/event_schema_api.go | 0.00% <0.00%> (ø) |
| event-schema/setup.go | 0.00% <0.00%> (ø) |
| ...stomdestinationmanager/customdestinationmanager.go | 0.00% <0.00%> (ø) |
| ...connection-tester/destination_connection_tester.go | 9.35% <0.00%> (ø) |
| services/pgnotifier/pgnotifier.go | 0.00% <0.00%> (ø) |
| services/stats/stats.go | 0.00% <ø> (ø) |
| services/streammanager/kafka/kafkamanager.go | 0.00% <0.00%> (ø) |
| services/streammanager/streammanager.go | 0.00% <0.00%> (ø) |
| utils/misc/misc.go | 0.00% <ø> (ø) |

... and 15 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update b462faa...32baa3a.

lvrach marked this pull request as ready for review October 25, 2021 16:39
chandumlg merged commit 46a23ea into master Oct 26, 2021
chandumlg deleted the fix-satori-go.uuid branch October 26, 2021 05:32