Skip to content

chore: Update pgx dependency#3062

Open
kfelternv wants to merge 1 commit into
NVIDIA:mainfrom
kfelternv:chore-rest-image-vulns
Open

chore: Update pgx dependency#3062
kfelternv wants to merge 1 commit into
NVIDIA:mainfrom
kfelternv:chore-rest-image-vulns

Conversation

@kfelternv

@kfelternv kfelternv commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Upgrade PGX dependency to resolve a security finding

Signed-off-by: Kyle Felter <[email protected]>
@copy-pr-bot

copy-pr-bot Bot commented Jul 1, 2026

Copy link
Copy Markdown

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: bfc33a8f-6c20-4782-ada2-13f3d293add7

📥 Commits

Reviewing files that changed from the base of the PR and between 6ec3ac9 and 71bcb4f.

⛔ Files ignored due to path filters (1)
  • rest-api/go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • rest-api/go.mod

Summary by CodeRabbit

  • Chores
    • Updated a database-related dependency to a newer patch version for improved stability and reliability.

Walkthrough

This change updates the github.com/jackc/pgx/v5 dependency version in rest-api/go.mod from v5.9.0 to v5.9.2. No other module directives or dependency entries are modified.

Changes

Dependency Update

Layer / File(s) Summary
pgx/v5 patch bump
rest-api/go.mod
Updated the required version of github.com/jackc/pgx/v5 from v5.9.0 to v5.9.2.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Related PRs: None identified.

Suggested labels: dependencies, go

Suggested reviewers: None identified — a single-line dependency bump can be reviewed by any maintainer familiar with the module's Go dependencies.

A single digit shifts in go.mod's quiet ledger,
Pgx sails forward, v5.9.2 the pledge,
No structs, no code, just a version's edge,
Yet even small bumps deserve a careful pledge.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the dependency upgrade as the main change.
Description check ✅ Passed The description is directly related to the pgx version update and its security motivation.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@kfelternv kfelternv marked this pull request as ready for review July 1, 2026 16:52
@kfelternv kfelternv requested a review from a team as a code owner July 1, 2026 16:52
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

🔍 Container Scan Summary

Service Total Critical High Medium Low Other
nico-flow 12 1 2 2 0 7
nico-nsm 4 0 0 4 0 0
nico-psm 12 1 2 2 0 7
nico-rest-api 12 1 2 2 0 7
nico-rest-cert-manager 12 1 2 2 0 7
nico-rest-db 12 1 2 2 0 7
nico-rest-site-agent 12 1 2 2 0 7
nico-rest-site-manager 12 1 2 2 0 7
nico-rest-workflow 12 1 2 2 0 7
TOTAL 100 8 16 20 0 56

Per-CVE detail lives in the per-service grype-* artifacts (JSON + SARIF). Severity counts only — no CVE IDs published here.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

🔐 TruffleHog Secret Scan

No secrets or credentials found!

Your code has been scanned for 700+ types of secrets and credentials. All clear! 🎉

🔗 View scan details

🕐 Last updated: 2026-07-01 17:03:20 UTC | Commit: 71bcb4f

@thossain-nv thossain-nv left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @kfelternv

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants