Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNOW-938672 Snyk: gosnowflake google.golang.org/grpc v1.49.0 | Snyk ID - SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328 #1004

Closed
github-actions bot opened this issue Dec 13, 2023 · 3 comments
Closed

SNOW-938672 Snyk: gosnowflake google.golang.org/grpc v1.49.0 | Snyk ID - SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328 #1004

github-actions bot opened this issue Dec 13, 2023 · 3 comments
Assignees
@sfc-gh-snow-drivers-warsaw-dl
Labels
security vulnerability Security vulnerability detected by WhiteSource

Comments

@github-actions
Copy link

Title: Snyk: gosnowflake google.golang.org/grpc v1.49.0
Additional information on Snyk can be found here: https://snyk.io/org/snowflakedb-sca-scanning-public-repo/project/70187b64-3a98-4b6f-a945-48604ebb7832
Repo: gosnowflake
CVE: CVE-2023-44487
Package Type: golang
Package Name: google.golang.org/grpc
Package Version: v1.49.0
Snyk ID: SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328
Vulnerability URL: http://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328
Severity: high
Introduced Date: 2023-10-13
Projects with Vulnerability: snowflakedb/gosnowflake:go.mod
Target File: go.mod
JIRA Ticket: https://snowflakecomputing.atlassian.net/browse/SNOW-938672
@sfc-gh-dszmolka sfc-gh-dszmolka added security vulnerability Security vulnerability detected by WhiteSource status-pr_pending_merge A PR is made and is under review labels Dec 14, 2023
@sfc-gh-dszmolka
Copy link
Contributor

looks like comes from arrow v12

# go mod graph | grep -i grpc
github.com/apache/arrow/go/[email protected] google.golang.org/[email protected]

so should be resolved after bumping it to v14

google.golang.org/grpc v1.58.2

with PR #977

@sfc-gh-dszmolka sfc-gh-dszmolka changed the title Snyk: gosnowflake google.golang.org/grpc v1.49.0 | Snyk ID - SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328 SNOW-938672 Snyk: gosnowflake google.golang.org/grpc v1.49.0 | Snyk ID - SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328 Jan 2, 2024
@sfc-gh-dszmolka sfc-gh-dszmolka added status-fixed_awaiting_release The issue has been fixed, its PR merged, and now awaiting the next release cycle of the connector. and removed status-pr_pending_merge A PR is made and is under review labels Jan 8, 2024
@sfc-gh-dszmolka
Copy link
Contributor

PR merged and will be part of the next (january) release

@sfc-gh-dszmolka sfc-gh-dszmolka removed the status-fixed_awaiting_release The issue has been fixed, its PR merged, and now awaiting the next release cycle of the connector. label Jan 18, 2024
@sfc-gh-dszmolka
Copy link
Contributor

released with gosnowflake 1.7.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sfc-gh-snow-drivers-warsaw-dl sfc-gh-snow-drivers-warsaw-dl

Labels
security vulnerability Security vulnerability detected by WhiteSource
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sfc-gh-dszmolka @sfc-gh-snow-drivers-warsaw-dl