mirror of
https://github.com/hashicorp/vault.git
synced 2026-05-19 08:41:20 -04:00
4e4119a02f
* [VAULT-45173] go: bump several dependencies to resolve GHSA-j88v-2chj-qfwx This PR has a set of fairly complex dependency bumps to resolve GHSA-j88v-2chj-qfwx. For the third time in about six weeks, we've had to deal with CVEs in old and unsupported versions of `jackc/pgx`. These changes are for us to rid ourselves of those transitive dependencies completely. First, we get rid `jackc/pgx/v4` by bumping `cloud.google.com/go/cloudsqlconn` to `v1.21.0`, which pulls in `v5`. Next, we have to get rid of `jackc/pgx v3`, which was brought in via chain of `hashicorp/go-discover` -> `joyent/triton-go` -> `jackc/pgx/v3`. First, we updated `go-discover` to pull in the v2 module of `triton-go` from the modern upstream ([0], [1]) and pin to it. Then we update our own manta support to pull in the v2 module. Finally, we replace the `TritonDataCenter/triton-go` module with a fork that removes an unnecessary dep on `pgx/v3`.[2] [0]: https://github.com/hashicorp/go-discover/pull/326 [1]: https://github.com/hashicorp/go-discover/pull/332 [2]: https://github.com/TritonDataCenter/triton-go/pull/207 Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec> |
||
|---|---|---|
| .. | ||
| aerospike | ||
| alicloudoss | ||
| azure | ||
| cassandra | ||
| cockroachdb | ||
| consul | ||
| couchdb | ||
| dynamodb | ||
| etcd | ||
| foundationdb | ||
| gcs | ||
| manta | ||
| mssql | ||
| mysql | ||
| oci | ||
| postgresql | ||
| raft | ||
| s3 | ||
| spanner | ||
| swift | ||
| zookeeper | ||