Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Snyk: gosnowflake google.golang.org/grpc v1.49.0 | Snyk ID - SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328 #931

Closed
github-actions bot opened this issue Oct 12, 2023 · 3 comments
Closed

Snyk: gosnowflake google.golang.org/grpc v1.49.0 | Snyk ID - SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328 #931

github-actions bot opened this issue Oct 12, 2023 · 3 comments
Assignees
@sfc-gh-triage-snowpark-ecosystem-dl
Labels
security vulnerability Security vulnerability detected by WhiteSource status-fixed_awaiting_release The issue has been fixed, its PR merged, and now awaiting the next release cycle of the connector.

Comments

@github-actions
Copy link

Title: Snyk: gosnowflake google.golang.org/grpc v1.49.0
Additional information on Snyk can be found here: https://snyk.io/org/snowflakedb-sca-scanning-public-repo/project/70187b64-3a98-4b6f-a945-48604ebb7832
Repo: gosnowflake
CVE: CVE-2023-44487
Package Type: golang
Package Name: google.golang.org/grpc
Package Version: v1.49.0
Snyk ID: SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328
Vulnerability URL: http://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328
Severity: high
Introduced Date: 2023-10-12
Projects with Vulnerability: snowflakedb/gosnowflake:go.mod
Target File: go.mod
JIRA Ticket: https://snowflakecomputing.atlassian.net/browse/SNOW-938672
@sfc-gh-dszmolka sfc-gh-dszmolka added the status-in_progress Issue is worked on by the driver team label Oct 12, 2023
@sfc-gh-dszmolka
Copy link
Contributor

looking into this as well

@sfc-gh-dszmolka
Copy link
Contributor

should be fixed with #972

@sfc-gh-dszmolka sfc-gh-dszmolka added status-fixed_awaiting_release The issue has been fixed, its PR merged, and now awaiting the next release cycle of the connector. and removed status-in_progress Issue is worked on by the driver team labels Nov 22, 2023
@sfc-gh-dszmolka sfc-gh-dszmolka added the security vulnerability Security vulnerability detected by WhiteSource label Nov 30, 2023
@sfc-gh-dszmolka
Copy link
Contributor

released with 1.7.1, closing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sfc-gh-triage-snowpark-ecosystem-dl sfc-gh-triage-snowpark-ecosystem-dl

Labels
security vulnerability Security vulnerability detected by WhiteSource status-fixed_awaiting_release The issue has been fixed, its PR merged, and now awaiting the next release cycle of the connector.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sfc-gh-dszmolka @sfc-gh-triage-snowpark-ecosystem-dl