Skip to content

AB#492654 change UUID library#33

Merged
gzapatas merged 3 commits intomasterfrom
AB#492654-change-uuid-library
Dec 3, 2025
Merged

AB#492654 change UUID library#33
gzapatas merged 3 commits intomasterfrom
AB#492654-change-uuid-library

Conversation

@gzapatas
Copy link
Contributor

@gzapatas gzapatas commented Dec 1, 2025
edited
Loading

Issue Link

https://dev.azure.com/nintex/Nintex/_workitems/edit/492654

High-Level Description

Warden, Clortho, Picard - Review go.uuid Vulnerability regarding Insecure UUID Identifiers

Changelog:

  • Changed to github.com/gofrs/uuid/v5
  • Update to go 1.24
  • Refactor interface{} to any

@gzapatas gzapatas requested a review from a team December 1, 2025 17:51
@ccregg ccregg requested a review from Copilot December 1, 2025 18:05
Copilot AI reviewed Dec 1, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses a security vulnerability by migrating from the github.com/satori/go.uuid library to github.com/google/uuid, and modernizes the codebase by refactoring interface{} to any throughout.

Key Changes:

  • Replaced UUID library dependency from satori/go.uuid to google/uuid (v1.6.0) with corresponding API update (uuid.FromStringuuid.Parse)
  • Systematically refactored all occurrences of interface{} to any across the codebase

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated no comments.

Show a summary per file
File Description
go.mod Updated UUID library dependency from satori/go.uuid to google/uuid v1.6.0
go.sum Updated checksums for new google/uuid dependency and removed old satori/go.uuid entries
mapvalue/mapvalue.go Updated UUID import and API call; refactored all function signatures and type assertions from interface{} to any
mapvalue/mapvalue_test.go Refactored all test type declarations from interface{} to any for consistency
middlewares/context.go Refactored all type assertions and map declarations from interface{} to any
redis/client.go Updated Marshal and Unmarshal function signatures to use any instead of interface{}
redis/client_test.go Updated test struct field type from interface{} to any
cache/cache.go Updated function return types and map declarations from interface{} to any

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

acofer
acofer requested changes Dec 2, 2025
View reviewed changes
Copy link
Contributor

@acofer acofer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://www.reddit.com/r/golang/comments/1kmh4cc/is_githubcomgoogleuuid_abandoned/
Let's instead use https://github.com/gofrs/uuid, which is maintained and also is explicit about generating v4 UUIDs

@gzapatas gzapatas requested a review from acofer December 2, 2025 18:57
@gzapatas
Copy link
Contributor Author

gzapatas commented Dec 2, 2025

https://www.reddit.com/r/golang/comments/1kmh4cc/is_githubcomgoogleuuid_abandoned/ Let's instead use https://github.com/gofrs/uuid, which is maintained and also is explicit about generating v4 UUIDs

Nice suggestion, done

@gzapatas gzapatas merged commit 6942a6c into master Dec 3, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@acofer acofer acofer approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gzapatas @acofer