Skip to content

chore(deps): Bump github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2 in the go_modules group across 1 directory#1442

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/go_modules/go_modules-dc1255629f
Open

chore(deps): Bump github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2 in the go_modules group across 1 directory#1442
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/go_modules/go_modules-dc1255629f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the go_modules group with 1 update in the / directory: github.com/jackc/pgx/v5.

Updates github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

  1. The non-default simple protocol is used.
  2. A dollar quoted string literal is used in the SQL query.
  3. That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.
  4. The value of that placeholder is controllable by the attacker.

e.g.

attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)

This is unlikely to occur outside of a contrived scenario.

Commits
  • 0aeabbc Release v5.9.2
  • 60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
  • a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
  • e34e452 doc: Add godoc links
  • 08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
  • 96b4dbd Remove unstable test
  • acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
  • 2f81f1f Update max_protocol_version and min_protocol_version defaults
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 3, 2026
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

Gen3 Integration Tests

filepath passed skipped SUBTOTAL
tests/test_gen3_workflow.py 25 4 29
TOTAL 25 4 29

Bumps the go_modules group with 1 update in the / directory: [github.com/jackc/pgx/v5](https://github.com/jackc/pgx).


Updates `github.com/jackc/pgx/v5` from 5.9.1 to 5.9.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.9.1...v5.9.2)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/go_modules-dc1255629f branch from d77f5c6 to 6bb5ab7 Compare July 9, 2026 19:46
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

Gen3 Integration Tests

filepath passed skipped SUBTOTAL
tests/test_gen3_workflow.py 25 4 29
TOTAL 25 4 29

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants