Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulns #32

Merged
merged 55 commits into from
Dec 21, 2023
Merged

Vulns #32

merged 55 commits into from
Dec 21, 2023

Conversation

daniel-garcia
Copy link 

 ~/go/bin/govulncheck ./...
Scanning your code and 943 packages across 155 dependent modules for known vulnerabilities...

No vulnerabilities found.

Share feedback at https://go.dev/s/govulncheck-feedback.

luca-nardelli and others added 21 commits November 29, 2022 15:46
@luca-nardelli
clickhouse: Quote db name in ensureVersionTable
90273fe
@luca-nardelli
Quote in drop as well
9fe7383
@luca-nardelli
Leverage quoteIdentifier from pgx
839421e
@volum-nova
Add to clickhouse README.md database creation
50112e7
@volum-nova
Remove cluster adaptation for tables to pass tests
90a3ac4
@volum-nova
Update README.md
64755d0
@volum-nova
Correct a spelling mistake
3b02b18
@SuperSandro2000
Move supported go version to standard place
92dec35
@mkorolyov
add tests for scylladb. add scylladb to docs
7a72550
@mkorolyov
Merge branch 'master' into scylladb_support
45d23ed
@mkorolyov
small changes to retry failed by timeout CI
f8afa5a
@Kenai
Update aws-sdk-go to adress vulerabilitiy
876a13d
@jorng
Update lib/pq to fix cert permissions issues
f2e0b33 
When attempting to connect to a PostgreSQL database using certificate
credentials, authentication may fail due to permissions issues on the
certificate files. When using migrate in Kubernetes, this issue may be
unavoidable when using secrets.

The github.com/lib/pq library has resolved this issue as of v1.10.6, so
this commit updates that library to the latest release version (v1.10.9)
to resolve the issue in migrate.
@fortnox-andreas
Added support for pgx locking table
129922a 
In order to support running migrations through PgBouncer which does not
support advisory locks.
@tommykfortnox
Added documentation and test for lock strategy
bead4a9
@tobyscott25
Add syntax highlighting to Postgres example
12968a7
@jsabbatini-upguard
Updated version of spanner to support sequences and generate uuid
72957b6
@testwill
fix: typo
ee8a8e5 
Signed-off-by: guoguangwu <[email protected]>
@swensone
feature: add rqlite support
5163ac7
@swensone
Add rqlite 8.0.0 to tested database versions
cf03803
@daniel-garcia
patch vulns
b82c168
@daniel-garcia daniel-garcia changed the base branch from master to ib December 8, 2023 23:14
swensone and others added 8 commits December 14, 2023 09:13
@swensone
update rqlite 8 container version to 8.0.6
669437c
@dhui
Merge pull request golang-migrate#1006 from testwill/typo
7eac919 
fix: typo
@dhui
New release prep
4078ef8 
* Update dktest from v0.3.16 to v0.4.0 to fix docker vulnerability
* Fix linter issues
* Update outdated GitHub Actions
@dhui
Update from alpine 3.18 to 3.19
b567287
@dependabot
Bump golang.org/x/crypto from 0.14.0 to 0.17.0
5ded96d 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](golang/crypto@v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@swensone
add 8.11 and 8.12 versions and remove debug logging
7d03609
@swensone
Merge remote-tracking branch 'upstream/master'
bfedabb
@dhui
Merge pull request golang-migrate#1014 from golang-migrate/dependabot…
834fa39 
…/go_modules/golang.org/x/crypto-0.17.0

Bump golang.org/x/crypto from 0.14.0 to 0.17.0
dhui and others added 25 commits December 19, 2023 21:35
@dhui
Merge pull request golang-migrate#1007 from swensone/master
f375aeb 
Add support for rqlite
@dependabot
Bump google.golang.org/grpc from 1.55.0 to 1.56.3
c3ebd52 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.55.0 to 1.56.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.55.0...v1.56.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dhui
Merge pull request golang-migrate#999 from tobyscott25/patch-1
b39ee92 
Add syntax highlighting to Postgres example
@dhui
Merge pull request golang-migrate#1015 from golang-migrate/dependabot…
47a2661 
…/go_modules/google.golang.org/grpc-1.56.3

Bump google.golang.org/grpc from 1.55.0 to 1.56.3
@dhui
Merge remote-tracking branch 'origin/master' into upgrade-spanner
fb22436
@dhui
Clean up require directive grouping
5026488
@dhui
Merge pull request golang-migrate#959 from jorng/libpq-update
90c5015 
Update lib/pq to fix cert permissions issues
@dhui
Merge branch 'master' into master
76efa72
@dhui
Merge branch 'master' into scylladb_support
1d1cd48
@dhui
Merge pull request golang-migrate#929 from SuperSandro2000/patch-1
0695426 
Move supported go version to standard place
@dhui
Merge branch 'master' into master
2063684
@dhui
Merge pull request golang-migrate#1002 from jsabbatini-upguard/upgrad…
0ba6fc3 
…e-spanner

Updated version of spanner to support sequences and generate uuid
@dhui
Merge pull request golang-migrate#857 from luca-nardelli/master
a94396c 
clickhouse: Quote db name in ensureVersionTable
@dhui
Merge pull request golang-migrate#947 from mkorolyov/scylladb_support
eb64ffa 
add tests for scylladb. add scylladb to docs
@dhui
Reformat ScyllaDB/Cassandra docs
691f687
@dhui
Merge branch 'master' into master
e8edcdc
@dhui
Merge branch 'master' into clickhouse_create_database_migrations
ab24e76
@tommykfortnox
Quote locktable from config in queries
091ad5d 
Defer rollback of transactions
@dhui
Merge pull request golang-migrate#875 from no-name16/clickhouse_creat…
9c551d4 
…e_database_migrations

clickhouse: add to README.md and examples database creation
@dhui
Merge pull request golang-migrate#956 from Kenai/master
c7c5011 
Update aws-sdk-go to adress vulerabilitiy
@dhui
Update aws-sdk-go from v1.44.301 to v1.49.6
f2c4b52
@dhui
Drop support for Go 1.19 and add support for Go 1.21
cd17c5a
@dhui
Only test against YugabyteDB LTS releases
d63a5c2
@dhui
Fix GoReleaser deprecations
5aa4670 
https://goreleaser.com/deprecations/#-rm-dist
https://goreleaser.com/deprecations/#sourcerlcp
@dhui
Merge pull request golang-migrate#992 from fortnox-andreas/master
0815e2d 
Add support for locking table in pgx-driver
ychen-bloxer
ychen-bloxer approved these changes Dec 20, 2023
View reviewed changes
Copy link

@ychen-bloxer ychen-bloxer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@daniel-garcia daniel-garcia merged commit 9e6d75a into ib Dec 21, 2023
0 of 6 checks passed
@daniel-garcia daniel-garcia deleted the vulns branch December 21, 2023 17:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ychen-bloxer ychen-bloxer ychen-bloxer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.