getting vulnerability alert, got latest version of github.com/volatiletech/sqlboiler/v4 v4.18.0, still getting this alert #1441

umakantyadav1978 · 2025-02-26T14:33:14Z

umakantyadav1978
Feb 26, 2025

There is a vulnerability (Severity: High) in version v1.46.2 of component google.golang.org/grpc.
Package dependency tree:

/Users/uyadav/Work/Prebid_Work/Repository/insights/app_insights-api/go.mod
├─┬ github.com/volatiletech/sqlboiler/v4 v4.18.0 - Go
│ └─┬ github.com/spf13/viper v1.12.0 - Go
│ └── google.golang.org/grpc v1.46.2 - Go
├─┬ github.com/sagikazarmark/crypt v0.6.0 - Go
│ └── google.golang.org/grpc v1.46.2 - Go
└─┬ google.golang.org/api v0.81.0 - Go
└── google.golang.org/grpc v1.46.2 - Go

Answered by aarondl

Mar 29, 2025

This is benign. We don't use grpc in sqlboiler. Until we bump viper to fix this, you can bump the affected library in your own go.mod to fix it if you're concerned.

$ go mod why google.golang.org/grpc
# google.golang.org/grpc
(main module does not need package google.golang.org/grpc)

View full answer

aarondl · 2025-03-29T21:32:33Z

aarondl
Mar 29, 2025
Maintainer

This is benign. We don't use grpc in sqlboiler. Until we bump viper to fix this, you can bump the affected library in your own go.mod to fix it if you're concerned.

$ go mod why google.golang.org/grpc
# google.golang.org/grpc
(main module does not need package google.golang.org/grpc)

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

getting vulnerability alert, got latest version of github.com/volatiletech/sqlboiler/v4 v4.18.0, still getting this alert #1441

{{title}}

Replies: 1 comment

{{title}}

Select a reply

getting vulnerability alert, got latest version of github.com/volatiletech/sqlboiler/v4 v4.18.0, still getting this alert #1441

umakantyadav1978 Feb 26, 2025

Replies: 1 comment

aarondl Mar 29, 2025 Maintainer

umakantyadav1978
Feb 26, 2025

aarondl
Mar 29, 2025
Maintainer