Skip to content

fix(deps): update module github.com/uptrace/bun/driver/pgdriver to v1.2.15 [security] #257

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 19, 2025
Merged

fix(deps): update module github.com/uptrace/bun/driver/pgdriver to v1.2.15 [security] #257

merged 1 commit into from
Sep 19, 2025

Conversation

renovate-sh-app[bot]
Copy link
Contributor

@renovate-sh-app renovate-sh-app bot commented Sep 5, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
github.com/uptrace/bun/driver/pgdriver v1.1.14 -> v1.2.15 age confidence

GitHub Vulnerability Alerts

CVE-2024-44906

uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go. The maintainer has stated that the issue is fixed in v1.2.15.

uptrace pgdriver SQL injection vulnerability

CVE-2024-44906 / GHSA-h4h6-vccr-44h2 / GO-2025-3765

More information

Details

uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go. The maintainer has stated that the issue is fixed in v1.2.15.

Severity

  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

SQL injection vulnerability in github.com/uptrace/bun/driver/pgdriver

CVE-2024-44906 / GHSA-h4h6-vccr-44h2 / GO-2025-3765

More information

Details

SQL injection vulnerability in github.com/uptrace/bun/driver/pgdriver

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Release Notes

uptrace/bun (github.com/uptrace/bun/driver/pgdriver)

v1.2.15

Compare Source

Please refer to CHANGELOG.md for details

v1.2.14

Compare Source

Please refer to CHANGELOG.md for details

v1.2.13

Compare Source

Please refer to CHANGELOG.md for details

v1.2.12

Compare Source

Please refer to CHANGELOG.md for details

v1.2.11

Compare Source

Please refer to CHANGELOG.md for details

v1.2.10

Compare Source

Please refer to CHANGELOG.md for details

v1.2.9

Compare Source

Please refer to CHANGELOG.md for details

v1.2.8

Compare Source

Please refer to CHANGELOG.md for details

v1.2.7

Compare Source

Please refer to CHANGELOG.md for details

v1.2.6

Compare Source

Please refer to CHANGELOG.md for details

v1.2.5

Compare Source

Please refer to CHANGELOG.md for details

v1.2.3

Compare Source

Please refer to CHANGELOG.md for details

v1.2.2

Compare Source

Please refer to CHANGELOG.md for details

v1.2.1

Compare Source

Please refer to CHANGELOG.md for details

v1.2.0

Compare Source

Please refer to CHANGELOG.md for details

v1.1.17

Compare Source

Please refer to CHANGELOG.md for details

v1.1.16

Compare Source

Please refer to CHANGELOG.md for details

v1.1.15

Compare Source

Please refer to CHANGELOG.md for details

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@renovate-sh-app renovate-sh-app bot requested a review from a team as a code owner September 5, 2025 12:29
@renovate-sh-app renovate-sh-app bot enabled auto-merge (squash) September 5, 2025 12:29
@renovate-sh-app
Copy link
Contributor Author

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 14 additional dependencies were updated

Details:

Package Change
github.com/uptrace/bun v1.1.14 -> v1.2.15
go.opentelemetry.io/otel v1.34.0 -> v1.37.0
go.opentelemetry.io/otel/trace v1.34.0 -> v1.37.0
golang.org/x/crypto v0.36.0 -> v0.40.0
golang.org/x/net v0.38.0 -> v0.41.0
github.com/go-logr/logr v1.4.2 -> v1.4.3
github.com/vmihailenco/msgpack/v5 v5.3.5 -> v5.4.1
go.opentelemetry.io/otel/metric v1.34.0 -> v1.37.0
golang.org/x/mod v0.17.0 -> v0.25.0
golang.org/x/sync v0.12.0 -> v0.16.0
golang.org/x/sys v0.31.0 -> v0.34.0
golang.org/x/text v0.23.0 -> v0.27.0
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d -> v0.34.0
mellium.im/sasl v0.3.1 -> v0.3.2

@renovate-sh-app renovate-sh-app bot force-pushed the renovate/go-github.202132.xyz-uptrace-bun-driver-pgdriver-vulnerability branch from e831175 to 7396414 Compare September 18, 2025 12:12
@renovate-sh-app
fix(deps): update module github.com/uptrace/bun/driver/pgdriver to v1…
a85fd4f 
….2.15 [security]

| datasource | package                                | from    | to      |
| ---------- | -------------------------------------- | ------- | ------- |
| go         | github.com/uptrace/bun/driver/pgdriver | v1.1.14 | v1.2.15 |


Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
@renovate-sh-app renovate-sh-app bot force-pushed the renovate/go-github.202132.xyz-uptrace-bun-driver-pgdriver-vulnerability branch from 7396414 to a85fd4f Compare September 19, 2025 18:10
@renovate-sh-app renovate-sh-app bot merged commit 2208d24 into main Sep 19, 2025
10 checks passed
@renovate-sh-app renovate-sh-app bot deleted the renovate/go-github.202132.xyz-uptrace-bun-driver-pgdriver-vulnerability branch September 19, 2025 18:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Lantero Lantero Awaiting requested review from Lantero Lantero is a code owner automatically assigned from grafana/k6-cloud-provisioning

@federicotdn federicotdn Awaiting requested review from federicotdn federicotdn is a code owner automatically assigned from grafana/k6-cloud-provisioning

Assignees
No one assigned
Labels
automerge-security-update severity:UNKNOWN
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants