build(deps): bump github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2 in /postgresql/samples#228

Merged
olavloite merged 3 commits into main from dependabot/go_modules/postgresql/samples/github.com/jackc/pgx/v5-5.9.2
Jun 11, 2026
Conversation

@dependabot dependabot Bot commented on behalf of github Apr 23, 2026

Bumps github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2.

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

  1. The non-default simple protocol is used.
  2. A dollar quoted string literal is used in the SQL query.
  3. That query contains text that would be interpreted as a placeholder outside of a string literal.
  4. The value of that placeholder is controllable by the attacker.

e.g.

// Attacker-controlled value; it contains the same $tag$ delimiter used by the query.
attackValue := `$tag$; drop table canary; --`
// With the simple protocol, the $1 inside the dollar-quoted literal was substituted as a placeholder.
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)

This is unlikely to occur outside of a contrived scenario.

Commits
  • 0aeabbc Release v5.9.2
  • 60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
  • a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
  • e34e452 doc: Add godoc links
  • 08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
  • 96b4dbd Remove unstable test
  • acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
  • 2f81f1f Update max_protocol_version and min_protocol_version defaults
  • See full diff in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
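The changelog names the query shape that triggers the bug: a dollar-quoted literal containing a "$N" token, executed with the non-default simple protocol. The scanner below is an added example, not pgx's own code, for finding that shape in a codebase's SQL strings so those queries can be reviewed and the upgrade to 5.9.2 prioritised; `PlaceholdersInDollarQuotes` and its sample input are constructed here, and the scan is a heuristic that understands dollar quoting only.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var placeholder = regexp.MustCompile(`\$[0-9]+`)

func isDigit(c byte) bool { return c >= '0' && c <= '9' }
func isIdent(c byte) bool { return c == '_' || isDigit(c) || (c|0x20 >= 'a' && c|0x20 <= 'z') }

// PlaceholdersInDollarQuotes lists the "$N" tokens that sit inside dollar-quoted
// literals ($$..$$ or $tag$..$tag$) of sql: the query shape to review before using
// QueryExecModeSimpleProtocol on pgx < 5.9.2. Heuristic only: it does not skip
// single-quoted strings or SQL comments.
func PlaceholdersInDollarQuotes(sql string) (found []string) {
	for i := 0; i < len(sql); i++ {
		j := i + 1 // a tag may not start with a digit, so "$1" never opens one
		if sql[i] != '$' || (j < len(sql) && isDigit(sql[j])) {
			continue
		}
		for j < len(sql) && isIdent(sql[j]) {
			j++
		}
		if j == len(sql) || sql[j] != '$' {
			continue
		}
		tag, body := sql[i:j+1], sql[j+1:]
		closing := strings.Index(body, tag)
		if closing < 0 {
			break // unterminated literal: nothing further to classify
		}
		found = append(found, placeholder.FindAllString(body[:closing], -1)...)
		i = j + closing + len(tag) // resume just past the closing tag
	}
	return found
}

func main() {
	// Constructed input: the query shape quoted in the pgx 5.9.2 changelog.
	fmt.Println(PlaceholdersInDollarQuotes(`select $tag$ $1 $tag$, $1`)) // [$1]
}
```

A query whose only placeholders sit outside dollar quotes, such as `select $1, $$literal$$`, yields an empty result and needs no review for this issue.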

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 23, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 23, 2026 00:48
@trusted-contributions-gcf trusted-contributions-gcf Bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 23, 2026
@product-auto-label product-auto-label Bot added the samples Issues that are directly related to samples. label Apr 23, 2026
olavloite pushed a commit that referenced this pull request Jun 10, 2026

@olavloite olavloite left a comment

Approved by AI Dependency Reviewer bot.

@olavloite

@dependabot rebase

dependabot Bot commented on behalf of github Jun 10, 2026

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@olavloite

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/go_modules/postgresql/samples/github.com/jackc/pgx/v5-5.9.2 branch from 9add3d4 to f4d8bb0 Compare June 10, 2026 15:51
@olavloite

@dependabot recreate

Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.9.1 to 5.9.2.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.9.1...v5.9.2)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/postgresql/samples/github.com/jackc/pgx/v5-5.9.2 branch from f4d8bb0 to e02ae9c Compare June 11, 2026 07:18

@olavloite olavloite left a comment

Approved by AI Dependency Reviewer bot.

@olavloite olavloite left a comment

AI Reviewer: Gemini API invocation failed: 503 UNAVAILABLE. {'error': {'code': 503, 'message': 'This model is currently experiencing high demand. Spikes in demand are usually temporary. Please try again later.', 'status': 'UNAVAILABLE'}}

@olavloite olavloite left a comment

Approved by AI Dependency Reviewer bot.

@olavloite olavloite merged commit 18015fc into main Jun 11, 2026
22 checks passed
@olavloite olavloite deleted the dependabot/go_modules/postgresql/samples/github.com/jackc/pgx/v5-5.9.2 branch June 11, 2026 11:03