[chore]: Bump github.com/jackc/pgx/v5 from 5.5.3 to 5.5.5 (#2747)

2025-06-05 21:59:39 +02:00 · 2024-03-11 10:13:33 +00:00
parent e24efcac8b
commit d115f9ebc4
67 changed files with 515 additions and 385 deletions
--- a/vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go
+++ b/vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go
@ -63,6 +63,10 @@ func (q *Query) Sanitize(args ...any) (string, error) {
 				return "", fmt.Errorf("invalid arg type: %T", arg)
 			}
 			argUse[argIdx] = true
+
+			// Prevent SQL injection via Line Comment Creation
+			// https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p
+			str = " " + str + " "
 		default:
 			return "", fmt.Errorf("invalid Part type: %T", part)
 		}