gin-keycloakv1.5.0 uses github.com/gin-gonic/gin@v1.7.7 which has an open cve

Question

gin-keycloakv1.5.0 uses github.com/gin-gonic/gin@v1.7.7 which has an open cve

Closed this issue 9 months ago · 6 comments

yossich6 commented a year ago

In issue #18 it was updated that it was fixed but the github.com/gin-gonic/gin@v1.7.7 still appears in go mod.

see https://github.com/tbaehler/gin-keycloak/blob/master/go.mod line 4

Answer 1 · 2023-07-26T15:02:17.000Z

https://github.com/tbaehler/gin-keycloak/blob/v1.5.0/go.mod

please try to update again

Answer 2 · 2023-07-30T13:49:49.000Z

Hey, we saw that go mod file truly contains the new gin-gonic package v1.9.1 but go sum file still contains the cve version, gin-gonic v1.7.7.
I think that you should run the command go mod tidy in order to clean the old version

see https://github.com/tbaehler/gin-keycloak/blob/master/go.sum:
line 679. github.com/gin-gonic/gin v1.7.7 h1:3DoBmSbJbZAWqXJC3SLjAPfutPJJRN1U5pALB7EeTTs=
line 680. github.com/gin-gonic/gin v1.7.7/go.mod h1:axIBovoeJpVj8S3BwE0uPMTeReE4+AfFtqpqaZ1qq1U=

Answer 3 · 2023-08-01T08:29:49.000Z

Hey @tbaehler , any updates?

Answer 4 · 2023-08-01T12:14:59.000Z

at the moment not in the office, pnease create a PR I will approve it with my phoneAm 01.08.2023 um 10:30 schrieb Yossi Cherniak ***@***.***>: Hey @tbaehler , any updates? —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: ***@***.***>

Answer 5 · 2023-08-06T07:47:37.000Z

Hey @tbaehler , please approve the PR: #20
Thank you

Answer 6 · 2024-04-10T06:41:45.000Z

approved thank you