[chore]: Bump github.com/jackc/pgx/v5 from 5.5.3 to 5.5.5 (#2747)

2025-11-18 09:07:28 -06:00 · 2024-03-11 10:13:33 +00:00 · 2024-03-11 10:13:33 +00:00 · d115f9ebc4
commit d115f9ebc4
parent e24efcac8b
67 changed files with 515 additions and 385 deletions
--- a/vendor/github.com/jackc/pgx/v5/CHANGELOG.md
+++ b/vendor/github.com/jackc/pgx/v5/CHANGELOG.md
@ -1,3 +1,29 @@
+# 5.5.5 (March 9, 2024)
+
+Use spaces instead of parentheses for SQL sanitization.
+
+This still solves the problem of negative numbers creating a line comment, but this avoids breaking edge cases such as
+`set foo to $1` where the substitution is taking place in a location where an arbitrary expression is not allowed.
+
+# 5.5.4 (March 4, 2024)
+
+Fix CVE-2024-27304
+
+SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer
+overflow in the calculated message size can cause the one large message to be sent as multiple messages under the
+attacker's control.
+
+Thanks to Paul Gerste for reporting this issue.
+
+* Fix behavior of CollectRows to return empty slice if Rows are empty (Felix)
+* Fix simple protocol encoding of json.RawMessage
+* Fix *Pipeline.getResults should close pipeline on error
+* Fix panic in TryFindUnderlyingTypeScanPlan (David Kurman)
+* Fix deallocation of invalidated cached statements in a transaction
+* Handle invalid sslkey file
+* Fix scan float4 into sql.Scanner
+* Fix pgtype.Bits not making copy of data from read buffer. This would cause the data to be corrupted by future reads.
+
 # 5.5.3 (February 3, 2024)

 * Fix: prepared statement already exists