Merge branch 'chore/cve-fixes-2026-04-22' into 'master'

agneum · agneum · commit bd64b06c200c · 2026-04-23T04:44:51.000Z
chore(deps): bump pgx, pin Go 1.26.2, base image to docker:29.4.1 (#706)

See merge request postgres-ai/database-lab!1139
diff --git a/.gitlab-ci-security.yml b/.gitlab-ci-security.yml
@@ -26,7 +26,7 @@ cve-govulncheck:
   <<: *security_rules
   stage: security
   image:
-    name: golang:1.26
+    name: golang:1.26.2
     pull_policy: if-not-present
   before_script:
     - go install golang.org/x/vuln/cmd/govulncheck@latest
diff --git a/engine/.gitlab-ci.yml b/engine/.gitlab-ci.yml
@@ -9,7 +9,7 @@ workflow:
 
 default:
   image:
-    name: golang:1.26
+    name: golang:1.26.2
     pull_policy: if-not-present
   interruptible: true  # All jobs can be cancelled by default
 
@@ -70,7 +70,7 @@ lint:
 build-binary-alpine:
   <<: *only_engine
   image:
-    name: golang:1.26-alpine
+    name: golang:1.26.2-alpine
     pull_policy: if-not-present
   stage: build-binary
   artifacts:
diff --git a/engine/Dockerfile.ci-checker b/engine/Dockerfile.ci-checker
@@ -1,4 +1,4 @@
-FROM docker:29.4.0@sha256:a6dd5322747a95cd8e3207bd8d415a8fd20ec34e9c00f06dc019cbd912013489
+FROM docker:29.4.1@sha256:c77e5d7912f9b137cc67051fdc2991d8f5ae22c55ddf532bb836dcb693a04940
 
 # Install dependencies.
 RUN apk upgrade --no-cache && apk add --no-cache bash
diff --git a/engine/Dockerfile.dblab-cli b/engine/Dockerfile.dblab-cli
@@ -1,4 +1,4 @@
-FROM docker:29.4.0@sha256:a6dd5322747a95cd8e3207bd8d415a8fd20ec34e9c00f06dc019cbd912013489
+FROM docker:29.4.1@sha256:c77e5d7912f9b137cc67051fdc2991d8f5ae22c55ddf532bb836dcb693a04940
 
 # Install dependencies.
 RUN apk upgrade --no-cache && apk add --no-cache bash jq tzdata
diff --git a/engine/Dockerfile.dblab-server b/engine/Dockerfile.dblab-server
@@ -1,6 +1,6 @@
 # See Guides to learn how to start a container: https://postgres.ai/docs/how-to-guides/administration/engine-manage
 
-FROM docker:29.4.0@sha256:a6dd5322747a95cd8e3207bd8d415a8fd20ec34e9c00f06dc019cbd912013489
+FROM docker:29.4.1@sha256:c77e5d7912f9b137cc67051fdc2991d8f5ae22c55ddf532bb836dcb693a04940
 
 # Install dependencies
 RUN apk upgrade --no-cache \
diff --git a/engine/Dockerfile.dblab-server-debug b/engine/Dockerfile.dblab-server-debug
@@ -1,7 +1,7 @@
 # How to start a container: https://postgres.ai/docs/how-to-guides/administration/engine-manage
 
 # Compile stage
-FROM golang:1.26 AS build-env
+FROM golang:1.26.2 AS build-env
 
 # Build Delve
 RUN go install github.com/go-delve/delve/cmd/dlv@latest
@@ -12,7 +12,7 @@ RUN go install github.com/go-delve/delve/cmd/dlv@latest
 # RUN GO111MODULE=on CGO_ENABLED=0 go build -gcflags="all=-N -l" -o /dblab-server-debug ./cmd/database-lab/main.go
 
 # Final stage
-FROM docker:29.4.0@sha256:a6dd5322747a95cd8e3207bd8d415a8fd20ec34e9c00f06dc019cbd912013489
+FROM docker:29.4.1@sha256:c77e5d7912f9b137cc67051fdc2991d8f5ae22c55ddf532bb836dcb693a04940
 
 # Install dependencies
 # Install the pinned edge-repo zfs build before `apk upgrade`, then pass
diff --git a/engine/go.mod b/engine/go.mod
@@ -21,7 +21,7 @@ require (
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/mux v1.8.1
 	github.com/gorilla/websocket v1.5.3
-	github.com/jackc/pgx/v5 v5.9.1
+	github.com/jackc/pgx/v5 v5.9.2
 	github.com/lib/pq v1.10.9
 	github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58
 	github.com/pkg/errors v0.9.1
diff --git a/engine/go.sum b/engine/go.sum
@@ -116,8 +116,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
-github.com/jackc/pgx/v5 v5.9.1 h1:uwrxJXBnx76nyISkhr33kQLlUqjv7et7b9FjCen/tdc=
-github.com/jackc/pgx/v5 v5.9.1/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4=
+github.com/jackc/pgx/v5 v5.9.2 h1:3ZhOzMWnR4yJ+RW1XImIPsD1aNSz4T4fyP7zlQb56hw=
+github.com/jackc/pgx/v5 v5.9.2/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4=
 github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
 github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM docker:29.4.0@sha256:a6dd5322747a95cd8e3207bd8d415a8fd20ec34e9c00f06dc019cbd912013489`
	`1`	`+FROM docker:29.4.1@sha256:c77e5d7912f9b137cc67051fdc2991d8f5ae22c55ddf532bb836dcb693a04940`
`2`	`2`
`3`	`3`	`# Install dependencies.`
`4`	`4`	`RUN apk upgrade --no-cache && apk add --no-cache bash`