Commit 8fefc86
chore(deps): bump github.com/jackc/pgx/v5 to v5.9.0 (#1936)
#### What this PR does / why we need it
Bumps `github.com/jackc/pgx/v5` from v5.8.0 to v5.9.0 to address
CVE-2026-33815 (GHSA-xgrm-4fwx-7qm8), a memory-safety vulnerability in
`pgproto3.Backend.Receive` and `Bind.Decode` (CVSS 9.8). Fixed upstream
in v5.9.0.
pgx is an indirect dependency only — pulled in via cosign → sigstore-go
→ certificate-transparency-go's optional postgresql storage backend.
#### Which issue(s) this PR fixes
Fixes: CVE-2026-33815 / GHSA-xgrm-4fwx-7qm8
Signed-off-by: Piotr Janik <piotr.janik@sap.com>

1 parent 175a97a commit 8fefc86
2 files changed
Lines changed: 3 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
333 | 333 | | |
334 | 334 | | |
335 | 335 | | |
| 336 | + | |
336 | 337 | | |
337 | 338 | | |
338 | 339 | | |
| |||
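Review bot: the line added at 336 has no matching removal in this file, so the version is being newly pinned here rather than changed in place, and nothing on that line's neighbours records why. Since the commit message says pgx is an indirect dependency only, a short trailing comment on the added line naming CVE-2026-33815 (if it does not already carry one) would tell a later maintainer why the pin exists and that it can be dropped once the cosign → sigstore-go → certificate-transparency-go chain requires v5.9.0 or newer on its own.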
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
786 | 786 | | |
787 | 787 | | |
788 | 788 | | |
789 | | - | |
790 | | - | |
| 789 | + | |
| 790 | + | |
791 | 791 | | |
792 | 792 | | |
793 | 793 | | |
| |||
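Review bot: at 789-790 two lines are swapped one-for-one, but the commit does not record whether both changed files were regenerated by tooling or edited by hand. Stating the commands used in the message (for a Go module, `go get github.com/jackc/pgx/v5@v5.9.0` followed by `go mod tidy`) would let a reviewer reproduce the 3 additions and 2 deletions and confirm that v5.8.0 is no longer selected anywhere in the module graph.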