Security flaw in dependency library for UUID generation

[grafov]

This library depend on github.com/jackc/pgx/v4 that in turn uses github.com/satori/go.uuid library (the proof is https://github.com/jackc/pgx/blob/v4.17.2/go.sum#L103). The library that used for uuid generation is not maintained anymore and have known security issue: satori/go.uuid#120

The possible solution

Upgrade used library to pgx/v5 where the dependency to satori/go.uuid is completely absent.

[perelin]

Still no release (1.4.6) here? github.com/jackc/pgx/v4 was also somehow importing a vulnerable golang.org/x/crypto version, see https://www.cve.org/CVERecord?id=CVE-2020-9283 Seems to be fixed in github.com/jackc/pgx/v5