Upgrade go 1.24.0 -> 1.26.2, jackc/pgx/v5 v5.5.5 -> v5.9.0 #141

Closed
ddl-rliu wants to merge 2 commits into jackc:master from ddl-rliu:upgrade-pgx-v5.9.0

ddl-rliu commented Apr 15, 2026

Closed in favor of c904f9e

What changes were proposed in this pull request?

Upgrade github.com/jackc/pgx/v5 from v5.5.5 to v5.9.0.

  • go 1.24.0 -> 1.26.2
  • pgx/v5 v5.5.5 -> v5.9.0
  • pgservicefile v0.0.0-20231201235250 -> v0.0.0-20240606120523

go build ./... — compiles successfully
go vet ./... — passes with no issues

- pgx/v5 v5.5.5 -> v5.9.0
- pgservicefile v0.0.0-20231201235250 -> v0.0.0-20240606120523

- Resolves vuln CVE-2026-33815

Signed-off-by: ddl-rliu <richard.liu@dominodatalab.com>
Made-with: Cursor

ddl-rliu marked this pull request as draft April 15, 2026 21:18
ddl-rliu closed this Apr 15, 2026
ddl-rliu deleted the upgrade-pgx-v5.9.0 branch April 15, 2026 21:20
ddl-rliu restored the upgrade-pgx-v5.9.0 branch April 15, 2026 21:23
ddl-rliu changed the title from "Upgrade jackc/pgx/v5 v5.5.5 -> v5.9.0" to "Upgrade go 1.24.0 -> 1.25.0, jackc/pgx/v5 v5.5.5 -> v5.9.0" on Apr 15, 2026
ddl-rliu reopened this Apr 15, 2026

Comment thread go.mod
github.com/Masterminds/sprig/v3 v3.3.0
github.com/Microsoft/go-winio v0.6.2
github.com/jackc/pgx/v5 v5.5.5
github.com/jackc/pgx/v5 v5.9.0
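
Review bot: on the github.com/jackc/pgx/v5 line, the bump to v5.9.0 is presented as resolving CVE-2026-33815, but the only checks listed are go build ./... and go vet ./..., neither of which shows that the finding clears. Suggest attaching scanner output (for example govulncheck ./...) run against the updated go.mod, and stating in the description which pgx release carries the fix so the pinned version can be checked against it. Recording a test run would also help, given the jump from v5.5.5 to v5.9.0 spans several minor releases.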

Author

The latest versions fix some vulns. The vuln reports are probably noisy, and tern may not actually be using any vulnerable functions. The PR aims to simply bump the dependencies rather than go the route of exception requests etc. 🥲

ddl-rliu marked this pull request as ready for review April 15, 2026 21:28
ddl-rliu changed the title from "Upgrade go 1.24.0 -> 1.25.0, jackc/pgx/v5 v5.5.5 -> v5.9.0" to "Upgrade go 1.24.0 -> 1.26.2, jackc/pgx/v5 v5.5.5 -> v5.9.0" on Apr 15, 2026
jackc closed this Apr 25, 2026

jackc commented Apr 25, 2026

Owner

I upgraded pgx to v5.9.2 which includes the latest security fix. Also, I only upgraded the Go dependency to 1.25.0. I didn't want to force upgrades past still supported Go versions.
