Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer #6169

Merged
merged 3 commits into from Mar 12, 2024
Merged

chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer #6169

merged 3 commits into from Mar 12, 2024

Conversation

francislavoie
Copy link
Member

@francislavoie francislavoie commented Mar 12, 2024
edited

@francislavoie francislavoie added the dependencies ⛓️ Pull requests that update a dependency file label Mar 12, 2024
@francislavoie francislavoie added this to the v2.8.0 milestone Mar 12, 2024
@francislavoie francislavoie enabled auto-merge (squash) March 12, 2024 08:28
@francislavoie
Copy link
Member Author

francislavoie commented Mar 12, 2024
edited

govulncheck complained about this:

Vulnerability #1: GO-2024-2605
    SQL injection in github.com/jackc/pgx/v4
  More info: https://pkg.go.dev/vuln/GO-2024-2605
  Module: github.com/jackc/pgx/v4
    Found in: github.com/jackc/pgx/v4@v4.18.0
    Fixed in: github.com/jackc/pgx/v4@v4.18.2
    Example traces found:
Error:       #1: modules/caddypki/acmeserver/acmeserver.go:269:26: acmeserver.openDatabase calls db.New, which eventually calls sanitize.SanitizeSQL

Required through smallstep:

$ go mod why github.com/jackc/pgx/v4
# github.com/jackc/pgx/v4
github.com/caddyserver/caddy/v2/modules/caddypki/acmeserver
github.com/smallstep/nosql
github.com/smallstep/nosql/postgresql
github.com/jackc/pgx/v4

So I ran this to bump the dep:

$ go get github.com/jackc/pgx/v4@v4.18.2

@francislavoie francislavoie merged commit 5b5f8fe into master Mar 12, 2024
25 checks passed
@francislavoie francislavoie deleted the chroma-dep branch March 12, 2024 09:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mohammed90 mohammed90 mohammed90 approved these changes

@mholt mholt Awaiting requested review from mholt

Assignees
No one assigned
Labels
dependencies ⛓️ Pull requests that update a dependency file
Projects
None yet
Milestone
v2.8.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@francislavoie @mohammed90