mirror of
https://github.com/multica-ai/multica.git
synced 2026-06-17 03:38:32 +02:00
be54e79f38
Remediates two pgx security advisories in a single bump: - CVE-2026-33816 (fixed in 5.9.0) — pgproto3 memory-safety DoS from malformed messages sent by a malicious server. - GHSA-j88v-2chj-qfwx / CVE-2026-41889 (fixed in 5.9.2) — SQL injection via placeholder confusion with dollar-quoted literals under QueryExecModeSimpleProtocol. Not reachable in this codebase (no simple-protocol callers), but pinned to clear future scanner runs. No source changes needed: pgx 5.9.x adds no breaking APIs over 5.8.x (adds PG protocol 3.2 support, SCRAM-SHA-256-PLUS, OAuth, plus pgtype/pgconn bug fixes). Minimum Go bumped to 1.25 in 5.9.0; repo already on 1.26.1. MUL-2597 Co-authored-by: multica-agent <github@multica.ai>
64 lines
2.8 KiB
Modula-2
64 lines
2.8 KiB
Modula-2
module github.com/multica-ai/multica/server
|
|
|
|
go 1.26.1
|
|
|
|
require (
|
|
github.com/aws/aws-sdk-go-v2 v1.41.5
|
|
github.com/aws/aws-sdk-go-v2/config v1.32.13
|
|
github.com/aws/aws-sdk-go-v2/credentials v1.19.13
|
|
github.com/aws/aws-sdk-go-v2/service/s3 v1.97.3
|
|
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.5
|
|
github.com/go-chi/chi/v5 v5.2.5
|
|
github.com/go-chi/cors v1.2.2
|
|
github.com/golang-jwt/jwt/v5 v5.3.1
|
|
github.com/google/uuid v1.6.0
|
|
github.com/gorilla/websocket v1.5.3
|
|
github.com/jackc/pgx/v5 v5.9.2
|
|
github.com/lmittmann/tint v1.1.3
|
|
github.com/mattn/go-shellwords v1.0.13
|
|
github.com/oklog/ulid/v2 v2.1.1
|
|
github.com/pelletier/go-toml/v2 v2.3.0
|
|
github.com/prometheus/client_golang v1.23.2
|
|
github.com/redis/go-redis/v9 v9.18.0
|
|
github.com/resend/resend-go/v2 v2.28.0
|
|
github.com/robfig/cron/v3 v3.0.1
|
|
github.com/spf13/cobra v1.10.2
|
|
)
|
|
|
|
require (
|
|
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8 // indirect
|
|
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.21 // indirect
|
|
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21 // indirect
|
|
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21 // indirect
|
|
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6 // indirect
|
|
github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.22 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/signin v1.0.9 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/sso v1.30.14 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.18 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/sts v1.41.10 // indirect
|
|
github.com/aws/smithy-go v1.24.2 // indirect
|
|
github.com/beorn7/perks v1.0.1 // indirect
|
|
github.com/cespare/xxhash/v2 v2.3.0 // indirect
|
|
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
|
|
github.com/inconshreveable/mousetrap v1.1.0 // indirect
|
|
github.com/jackc/pgpassfile v1.0.0 // indirect
|
|
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
|
|
github.com/jackc/puddle/v2 v2.2.2 // indirect
|
|
github.com/kr/text v0.2.0 // indirect
|
|
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
|
|
github.com/prometheus/client_model v0.6.2 // indirect
|
|
github.com/prometheus/common v0.66.1 // indirect
|
|
github.com/prometheus/procfs v0.16.1 // indirect
|
|
github.com/spf13/pflag v1.0.9 // indirect
|
|
go.uber.org/atomic v1.11.0 // indirect
|
|
go.yaml.in/yaml/v2 v2.4.2 // indirect
|
|
golang.org/x/sync v0.20.0 // indirect
|
|
golang.org/x/sys v0.35.0 // indirect
|
|
golang.org/x/text v0.35.0 // indirect
|
|
google.golang.org/protobuf v1.36.8 // indirect
|
|
)
|